Bug #14691
closed
Separators get shifted when copying firewall rules between interfaces
Added by Filip Bengtsson over 1 year ago.
Updated 11 months ago.
Plus Target Version:
23.09
Description
Reproduce¶
Have two active interfaces, one with at least one firewall rule (hereafter called OPT1) and the other with multiple rules and separators (OPT2).
- Go to Firewall --> Rules --> OPT1
- Click the copy/duplicate icon (overlapping squares) on an existing rule
- Change Interface to OPT2 and save
The new rule gets added first in the list, shifting the old rules relative to the separators as described below.
Example result¶
Rules and separator on target interface before copying:
- Separator A
- Rule A1
- Rule A2
- Separator B
- Rule B1
- Rule B2
After copying, I get:
- Separator A
- New rule
- Rule A1
- Separator B
- Rule A2
- Rule B1
- Rule B2
As you can see, the new rule was added on top and all separators kept their absolute position in the list, shifting them relative to the rules.
System information¶
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Files
- Status changed from New to In Progress
- Assignee set to Marcos M
- Affected Architecture deleted (
amd64)
- Status changed from In Progress to Pull Request Review
- Target version set to 2.8.0
- Plus Target Version set to 23.09
Tested against:
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
I followed the steps to replicate the issue. However, the rule has always been copied at the bottom of the list of the destination interface.
I'll test against 2.7.0 soon and let you know the results.
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to In Progress
The behavior of the rule being placed on top when being copied only happens when e.g. copying the last rule of LAN to OPT1 (the new interface comes after).
I do see a new issue however - when editing a rule and changing the interface, the original rule is kept and a copy is made instead. Additionally, removing a single rule above a separator would not correctly shift the separators. Fixes coming shortly.
- Status changed from In Progress to Feedback
After applying the patch, I made the following observations:
Before copying:¶
Rules on source interface (LAN)
Rule LAN1
Rule LAN2
Rules on destination interface (OPT1)
SEPARATOR A
Rule A1
Rule A2
SEPARATOR B
Rule B1
Rule B2
After copying the Rule LAN1, changing the interface to OPT1¶
OPT1 interface rules:
SEPARATOR A
Rule LAN1
Rule A1
SEPARATOR B
Rule A2
Rule B1
Rule B2
The issue with the ordering rules after copying persists.
While the issue with the edit/change interface does remove the rule from the source interface but causes the same trouble with ordering as described above.
Note
LAN interface is (VLAN)
OPT1 is a native interface
That result indicates a patch is missing. The fix is in the latest build (20230824-0600) - try it there.
- Status changed from Feedback to Resolved
Tested against:
2.8.0-DEVELOPMENT (amd64)
built on Fri Aug 25 06:05:39 UTC 2023
FreeBSD 14.0-ALPHA2
Everything seems to be in order. It's possible that I made a mistake while testing the patch previously.
I am resolving this ticket.
- Target version changed from 2.8.0 to 2.7.1
<separator>
<wan></wan>
<lan></lan>
<opt1></opt1>
<floatingrules></floatingrules>
<ethernetrules></ethernetrules>
</separator>
This fixed my issues like this old separators were still showing in the config.xml file
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
