Bug #1386

closed

Nested port aliases cause "Unknown port" error upon loading filters

Added by Frank Zavelberg over 10 years ago. Updated over 10 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version:
Start date: 03/27/2011
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture: amd64

Description

I'm trying to create nested port aliases in pfSense 2.0.

I created an Alias "R_Webserver", type "Ports", (role: webserver) which contains ports 80 and 443. Then I created an Alias "HR_Orion" (roles for host: orion), type "Ports", and added the "R_Webserver" alias. The input box offered me that alias name, so it seems to have been recognized.

Making a rule though which has "HR_Orion" as "destination port range", results in filter reload error:

There were error(s) loading the rules: /tmp/rules.debug:145: unknown port R_Webserverpfctl: Syntax error in config file: pf rules not loaded - The line in question reads [145]: pass in quick on $WAN proto tcp from any to 188.40.20.92 port $HR_Orion flags S/SA keep state label "USER_RULE: NestTest" ...

Seems nested port aliases don't work?


Files

rules.debug (14.3 KB), Frank Zavelberg, 05/19/2011 06:41 PM
rules.error (290 Bytes), Frank Zavelberg, 05/19/2011 06:41 PM
config-pandora.tianet.de-20110520003559.xml (10.3 KB), Frank Zavelberg, 05/19/2011 06:41 PM

Actions #1

Updated by Ermal Luçi over 10 years ago

  • Status changed from New to Feedback

Can you please give more detail on this?
Seems not many people have seen this!

Actions #2

Updated by Frank Zavelberg over 10 years ago

What feedback exactly would you require? I was of the impression that I described the "procedure to reproduce the problem" quite in detail. :)

Actions #3

Updated by Ermal Luçi over 10 years ago

I would need the /tmp/rules.debug

also the port alias section from config.xml

Actions #4

Updated by Frank Zavelberg over 10 years ago

Please find the requested files attached.

The error occurred when I created a port alias group "HR_Orion", containing the aliases "R_Webserver" and "R_Webmin". I used that alias group in a firewall rule to have packets to "H_Orion" pass when their destination port is in "HR_Orion".

Actions #5

Updated by Ermal Luçi over 10 years ago

I just fixed this. Please test new snapshots.

Thanks for reporting.

Actions #6

Updated by Ermal Luçi over 10 years ago

  • % Done changed from 0 to 100

Actions #7

Updated by Frank Zavelberg over 10 years ago

> I just fixed this. Please test new snapshots.

I just updated my installation to:

2.0-RC2 (amd64)
built on Fri May 20 12:38:57 EDT 2011

The bug is still present there. How can I see in which version it will be included?

Actions #8

Updated by Ermal Luçi over 10 years ago

Next snapshot should.

Actions #9

Updated by Frank Zavelberg over 10 years ago

Using the "Tue May 24 04:45:10 EDT 2011" version, the problem seems to be successfully fixed. :) I was able to create and use nested port aliases now.

Thanks! I'll report back should there be any further issues concerning this.

Actions #10

Updated by Ermal Luçi over 10 years ago

  • Status changed from Feedback to Resolved

Actions #11

Updated by Frank Zavelberg over 10 years ago

As a closing note: I switched my firewall config fully to nested port aliases now (some are 3 levels deep), and it all looks okay.
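
An added example, not part of the original thread and not pfSense's own code: a pre-load check that flattens nested port aliases to literal ports, so an unresolved name such as the "unknown port R_Webserver" above is caught before the ruleset reaches pfctl. The alias names come from the report; the port for R_Webmin, the "lo:hi" range form and all function names are assumptions made for this sketch.

```python
import re

# A member is either a literal port / range ("lo:hi", assumed form) or another alias name.
PORT_RE = re.compile(r"^\d{1,5}(:\d{1,5})?$")

class AliasError(ValueError):
    """Raised when an alias cannot be reduced to literal ports."""

def flatten(name, aliases, _stack=()):
    """Return the ordered, de-duplicated literal ports behind alias `name`."""
    if name in _stack:
        # A -> B -> A would recurse forever; report the chain instead.
        raise AliasError("alias loop: " + " -> ".join(_stack + (name,)))
    if name not in aliases:
        # This is the condition pf reported as "unknown port <name>".
        raise AliasError(f"unknown port alias {name!r}")
    out = []
    for member in aliases[name]:
        if PORT_RE.match(member):
            items = [member]
        else:
            items = flatten(member, aliases, _stack + (name,))
        for item in items:
            if item not in out:
                out.append(item)
    return out

def pf_macro(name, aliases):
    """Render one alias as a pf macro that contains only literal ports."""
    ports = " ".join(flatten(name, aliases))
    return f'{name} = "{{ {ports} }}"'

# Constructed sample data. R_Webserver (80, 443) is from the report;
# the port for R_Webmin is not given there, 10000 is assumed.
ALIASES = {
    "R_Webserver": ["80", "443"],
    "R_Webmin": ["10000"],
    "HR_Orion": ["R_Webserver", "R_Webmin"],
}

if __name__ == "__main__":
    for alias in ALIASES:
        print(pf_macro(alias, ALIASES))
```

Running such a check over every port alias before a reload turns a failed ruleset load into a configuration error that names the offending alias.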
