Project

General

Profile

Actions

Bug #14702

closed

``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages

Added by John Uplink over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Rules / NAT
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Hello pfSense,

I've noticed that when you create a NAT rule with a port range starting with 20 (e.g. 20-21 or 20-28, etc.) it will erroneously create a corresponding Firewall rule that allows all ports. Please see steps to reproduce and screenshots below for details.

NOTE: This was working in pfsense 2.6 CE, but broke when I upgraded to 23.05.1 plus edition. I can also confirm this bug on another device runing 23.05.01 plus that was previously upgraded from 2.7 CE.

Steps to reproduce:
1. Create a new NAT rule with port range 20 to 21 and target port of 20 (see 1st screenshot below)
2. Ensure "add associated filter rule" is selected at the bottom
3. Save rule and navigate to Firewall rules
4. Expected: A new Firewall rule is generated with a destination port range of 20-21
5. Actual: A new Firewall rule is generated with a destination port of ALL ports! (see 2nd screenshot below)


Files

NAT_Rule_Creation.jpg (315 KB) NAT_Rule_Creation.jpg John Uplink, 08/21/2023 06:38 AM
Firewall_Bug.jpg (171 KB) Firewall_Bug.jpg John Uplink, 08/21/2023 06:39 AM
Actions

Also available in: Atom PDF