Project

General

Profile

Actions

Regression #14870

closed

Aliases are incorrectly added to rules

Added by Steve Wheeler 5 months ago. Updated 4 months ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Aliases / Tables
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Force Exclusion
Affected Version:
Affected Architecture:

Description

Aliases are shown incorrectly in rules as 'single/0'. This then throws errors loading the ruleset:

Unresolvable source alias 'single/0' for rule 'Test rule' @ 2023-10-13 14:49:54

That is this alias:

        <alias>
            <name>Test1</name>
            <type>host</type>
            <address>172.21.24.8</address>
            <descr><![CDATA[Test alias]]></descr>
            <detail><![CDATA[Entry added Fri, 13 Oct 2023 14:45:57 +0100]]></detail>
        </alias>

In this rule:

        <rule>
            <id></id>
            <tracker>1697204983</tracker>
            <type>block</type>
            <interface>wan</interface>
            <ipprotocol>inet</ipprotocol>
            <tag></tag>
            <tagged></tagged>
            <max></max>
            <max-src-nodes></max-src-nodes>
            <max-src-conn></max-src-conn>
            <max-src-states></max-src-states>
            <statetimeout></statetimeout>
            <statetype><![CDATA[keep state]]></statetype>
            <os></os>
            <protocol>tcp</protocol>
            <srcmac></srcmac>
            <dstmac></dstmac>
            <source>
                <address>single/0</address>
            </source>
            <destination>
                <any></any>
            </destination>
            <descr><![CDATA[Test rule]]></descr>
            <bridgeto></bridgeto>
            <updated>
                <time>1697204983</time>
                <username><![CDATA[admin@172.21.16.8 (Local Database)]]></username>
            </updated>
            <created>
                <time>1697204983</time>
                <username><![CDATA[admin@172.21.16.8 (Local Database)]]></username>
            </created>
        </rule>

Generating this ruleset:

table <Test1> {   172.21.24.8 } 
Test1 = "<Test1>" 
...
# Unresolvable source alias 'single/0' for rule 'Test rule' label "USER_RULE: Test rule" 


Files


Related issues

Related to Regression #14867: Address family validation prevents creating 1:1 NAT ruleResolvedMarcos M

Actions
Actions #1

Updated by Steve Wheeler 5 months ago

Tested:

23.09-BETA (amd64)
built on Thu Oct 12 7:00:00 BST 2023
FreeBSD 14.0-CURRENT

and
23.09-BETA (arm)
built on Wed Oct 11 7:00:00 BST 2023
FreeBSD 14.0-CURRENT

This appears to be a regression since:

23.09-BETA (arm)
built on Fri Oct 6 9:22:00 BST 2023
FreeBSD 14.0-CURRENT

Actions #2

Updated by Marcos M 5 months ago

  • Description updated (diff)
Actions #3

Updated by yon Liu 5 months ago

when i input network 2602:fed6:7021::/48, it is show network/0 in firewall rule

Actions #4

Updated by Lev Prokofev 5 months ago

I can't reproduce it on the

23.09-BETA (amd64)
built on Fri Oct 13 6:00:00 UTC 2023
FreeBSD 14.0-CURRENT

Actions #5

Updated by Steve Wheeler 5 months ago

  • Status changed from New to Feedback

Yes, I believe this is fixed in the current snapshot.

Actions #6

Updated by Marcos M 5 months ago

  • Related to Regression #14867: Address family validation prevents creating 1:1 NAT rule added
Actions #7

Updated by Marcos M 5 months ago

  • Status changed from Feedback to Closed
  • Assignee set to Marcos M
  • Release Notes changed from Default to Force Exclusion

Fix for this is the same as the fix in #14867.

Actions #8

Updated by Jim Pingle 4 months ago

  • Target version changed from 2.8.0 to 2.7.1
Actions

Also available in: Atom PDF