Project

General

Profile

Actions

Bug #13621

open

GUI allows selection of ICMP types that pf rejects

Added by Chris Linstruth over 1 year ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Example: selecting ICMP types any,echorep,echoreq cause pf to refuse to load the rule:

/rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:259: syntax error - The line in question reads [259]: pass in quick on $SYNC inet proto icmp from 172.25.254.0/30 to 172.25.254.1 icmp-type { any,echorep,echoreq } ridentifier 1478221706 keep state label "USER_RULE: Default SYNC Rule" label "id:1478221706"

selecting only "any" or only "echorep,echoreq" loads fine.


Files

clipboard-202309240924-pqocc.png (7.15 KB) clipboard-202309240924-pqocc.png aleksei prokofiev, 09/24/2023 06:24 AM
Actions #1

Updated by Lev Prokofev about 1 year ago

Can confirm that behavior on 22.05 and 23.01 Beta

There were error(s) loading the rules: /tmp/rules.debug:430: syntax error - The line in question reads [430]: pass in quick on $OpenVPN inet proto icmp from 192.168.24.0/24 to any icmp-type { any,echorep,echoreq } ridentifier 1652883442 keep state label "USER_RULE" label "id:1652883442"

End of configuration backup to https://acb.netgate.com/save (success).

Actions #2

Updated by aleksei prokofiev 6 months ago

Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT

23.09-DEVELOPMENT (amd64)
built on 20230922-1539
FreeBSD 14.0-CURRENT

I can't reproduce

Actions

Also available in: Atom PDF