Bug #1386

Nested port aliases causes "Unknown port" error upon loading filters

Added by Frank Zavelberg over 8 years ago. Updated about 8 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Rules/NAT
Target version:
Start date: 03/27/2011
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.0
Affected Architecture: amd64

Description

I'm trying to create nested port aliases in pfSense 2.0.

I created an Alias "R_Webserver", type "Ports", (role: webserver) which contains ports 80 and 443. Then I created an Alias "HR_Orion" (roles for host: orion), type "Ports", and added the "R_Webserver" alias. The input box offered me that alias name, so it seems to have been recognized.

Making a rule though which has "HR_Orion" as "destination port range", results in filter reload error:

There were error(s) loading the rules: /tmp/rules.debug:145: unknown port R_Webserverpfctl: Syntax error in config file: pf rules not loaded - The line in question reads [145]: pass in quick on $WAN proto tcp from any to 188.40.20.92 port $HR_Orion flags S/SA keep state label "USER_RULE: NestTest" ...

Seems nested port aliases don't work?

rules.debug (14.3 KB), Frank Zavelberg, 05/19/2011 06:41 PM
rules.error (290 Bytes), Frank Zavelberg, 05/19/2011 06:41 PM
config-pandora.tianet.de-20110520003559.xml (10.3 KB), Frank Zavelberg, 05/19/2011 06:41 PM

Associated revisions

Revision abcdca83 (diff)
Added by Ermal Luçi about 8 years ago

Fixes #1386. Correct unlooping nested port aliases.

History

#1 Updated by Ermal Luçi about 8 years ago

  • Status changed from New to Feedback

Can you please give more detail on this?
Seems not many people have seen this!

#2 Updated by Frank Zavelberg about 8 years ago

What feedback exactly would you require? I was of the impression that I described the "procedure to reproduce the problem" quite in detail. :)

#3 Updated by Ermal Luçi about 8 years ago

I would need the /tmp/rules.debug

also the port alias section from config.xml

#4 Updated by Frank Zavelberg about 8 years ago

Please find the requested files attached.

The error occurred when I created a port alias group "HR_Orion", containing the aliases "R_Webserver" and "R_Webmin". I used that alias group in a firewall rule to have packets to "H_Orion" pass when their destination port is in "HR_Orion".

#5 Updated by Ermal Luçi about 8 years ago

I just fixed this. Please test new snapshots.

Thanks for reporting.

#6 Updated by Ermal Luçi about 8 years ago

  • % Done changed from 0 to 100

#7 Updated by Frank Zavelberg about 8 years ago

> I just fixed this. Please test new snapshots.

I just updated my installation to:

2.0-RC2 (amd64)
built on Fri May 20 12:38:57 EDT 2011

The bug is still present there. How can I see in which version it will be included?

#8 Updated by Ermal Luçi about 8 years ago

Next snapshot should.

#9 Updated by Frank Zavelberg about 8 years ago

Using the "Tue May 24 04:45:10 EDT 2011" version, the problem seems to be successfully fixed. :) I was able to create and use nested port aliases now.

Thanks! I'll report back should there be any further issues concerning this.

#10 Updated by Ermal Luçi about 8 years ago

  • Status changed from Feedback to Resolved

#11 Updated by Frank Zavelberg about 8 years ago

As a closing note: I switched my firewall config fully to nested port aliases now (some are 3 levels deep), and it all looks okay.
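
An added illustration of the problem in this ticket (not pfSense's code and not the change in revision abcdca83): nested port aliases are flattened to literal ports, with loop detection, before a pf macro line is written, so pfctl never sees an alias name such as R_Webserver where it expects a port. The helper names and the R_Webmin port are assumptions made for the example.

```python
# Added example: flatten nested port aliases before emitting pf macros.
# Alias names mirror the ticket; R_Webmin's port (10000) is a constructed value.
import re

PORT_RE = re.compile(r"^\d{1,5}(:\d{1,5})?$")  # single port or pf range "lo:hi"


class AliasError(ValueError):
    """Raised for alias loops, unknown alias names and invalid ports."""


def flatten(name, aliases, _stack=()):
    """Return the ordered, de-duplicated port entries for alias `name`."""
    if name in _stack:
        raise AliasError("alias loop: " + " -> ".join(_stack + (name,)))
    if name not in aliases:
        raise AliasError(f"unknown port alias: {name}")
    ports = []
    for entry in map(str, aliases[name]):
        if PORT_RE.match(entry):
            if any(not 1 <= int(p) <= 65535 for p in entry.split(":")):
                raise AliasError(f"port out of range in {name}: {entry}")
            found = [entry]
        else:
            # Not numeric, so treat it as a nested alias and expand it.
            found = flatten(entry, aliases, _stack + (name,))
        for port in found:
            if port not in ports:
                ports.append(port)
    return ports


def pf_macro(name, aliases):
    """Render one macro line that contains only literal ports."""
    body = " ".join(flatten(name, aliases))
    return f'{name} = "{{ {body} }}"'


ALIASES = {
    "R_Webserver": [80, 443],
    "R_Webmin": [10000],  # constructed value, not from the ticket
    "HR_Orion": ["R_Webserver", "R_Webmin"],
}

if __name__ == "__main__":
    print(pf_macro("HR_Orion", ALIASES))
```

Validating the alias set this way before the ruleset is written keeps a bad alias from producing a rules file that fails to load.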
