Bug #1386
Nested port aliases causes "Unknown port" error upon loading filters
Status: closed
% Done: 100%
Description
I'm trying to create nested port aliases in pfSense 2.0.
I created an Alias "R_Webserver", type "Ports", (role: webserver) which contains ports 80 and 443. Then I created an Alias "HR_Orion" (roles for host: orion), type "Ports", and added the "R_Webserver" alias. The input box offered me that alias name, so it seems to have been recognized.
Making a rule though which has "HR_Orion" as "destination port range", results in filter reload error:
There were error(s) loading the rules: /tmp/rules.debug:145: unknown port R_Webserver
pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [145]: pass in quick on $WAN proto tcp from any to 188.40.20.92 port $HR_Orion flags S/SA keep state label "USER_RULE: NestTest" ...
Seems nested port aliases don't work?
Updated by Ermal Luçi over 13 years ago
- Status changed from New to Feedback
Can you please give more detail on this?
Seems not many people have seen this!
Updated by Frank Zavelberg over 13 years ago
What feedback exactly would you require? I was of the impression that I described the "procedure to reproduce the problem" quite in detail. :)
Updated by Ermal Luçi over 13 years ago
I would need the /tmp/rules.debug
also the port alias section from config.xml
Updated by Frank Zavelberg over 13 years ago
- File rules.debug added
- File rules.error added
- File config-pandora.tianet.de-20110520003559.xml added
Please find the requested files attached.
The error occurred when I created a port alias group "HR_Orion", containing the aliases "R_Webserver" and "R_Webmin". I used that alias group in a firewall rule to have packets to "H_Orion" pass when their destination port is in "HR_Orion".
Updated by Ermal Luçi over 13 years ago
I just fixed this. Please test new snapshots.
Thanks for reporting.
Updated by Ermal Luçi over 13 years ago
- % Done changed from 0 to 100
Applied in changeset abcdca835cbce83d72d70bb957bbbf2118ae3d01.
Updated by Frank Zavelberg over 13 years ago
> I just fixed this. Please test new snapshots.
I just updated my installation to:
2.0-RC2 (amd64)
built on Fri May 20 12:38:57 EDT 2011
The bug is still present there. How can I see in which version it will be included?
Updated by Frank Zavelberg over 13 years ago
Using the "Tue May 24 04:45:10 EDT 2011" version, the problem seems to be successfully fixed. :) I was able to create and use nested port aliases now.
Thanks! I'll report back should there be any further issues concerning this.
Updated by Ermal Luçi over 13 years ago
- Status changed from Feedback to Resolved
Updated by Frank Zavelberg over 13 years ago
As a closing note: I switched my firewall config fully to nested port aliases now (some are 3 levels deep), and it all looks okay.
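Added example, not pfSense's code and not the change in the changeset above: one way to flatten nested port aliases into plain port lists before a pf macro is written, so that an alias name never reaches pfctl as a literal "port". The function names and the `ALIASES` table are hypothetical; the contents of `R_Webmin` are a constructed sample value, since the report does not list them.

```python
import re

# A single port or a pf-style range "lo:hi"
PORT_RE = re.compile(r"^\d{1,5}(:\d{1,5})?$")

class AliasError(ValueError):
    """Raised for unknown names, loops, or out-of-range ports."""

def expand_ports(name, aliases, _stack=()):
    """Return the flat, de-duplicated port list for port alias `name`."""
    if name in _stack:
        raise AliasError("alias loop: " + " -> ".join(_stack + (name,)))
    if name not in aliases:
        raise AliasError("unknown port alias %r" % name)
    ports = []
    for entry in aliases[name]:
        if PORT_RE.match(entry):
            bounds = [int(p) for p in entry.split(":")]
            if not all(1 <= p <= 65535 for p in bounds) or bounds[0] > bounds[-1]:
                raise AliasError("bad port %r in alias %s" % (entry, name))
            found = [entry]
        else:
            # Not numeric: treat it as a nested alias and recurse,
            # remembering the path so a loop is reported instead of
            # recursing forever.
            found = expand_ports(entry, aliases, _stack + (name,))
        for port in found:
            if port not in ports:
                ports.append(port)
    return ports

def pf_macro(name, aliases):
    """Render a pf macro line that contains only numeric ports."""
    return '%s = "{ %s }"' % (name, " ".join(expand_ports(name, aliases)))

# Constructed sample modelled on the report (R_Webmin's port is assumed).
ALIASES = {
    "R_Webserver": ["80", "443"],
    "R_Webmin": ["10000"],
    "HR_Orion": ["R_Webserver", "R_Webmin"],
}

if __name__ == "__main__":
    print(pf_macro("HR_Orion", ALIASES))
```

Running the same expansion over every port alias before a filter reload turns a misspelled or deleted nested alias into a named error at configuration time rather than a pfctl syntax error that leaves the rules unloaded.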