Regression #14918
closed
Filter rules error with 1:1 NAT rules that use the interface subnet macro
100%
Description
Create a binat rule using an interface subnet macro for the internal IP, then save/apply:
There were error(s) loading the rules: /tmp/rules.debug:2023: syntax error - The line in question reads [2023]: binat on openvpn inet from to 172.25.1.0/24 -> 172.20.10.1 @ 2023-10-24 14:44:09
Updated by Marcos M about 1 year ago
- Status changed from In Progress to Pull Request Review
Updated by Marcos M about 1 year ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 4dc98294fe3f1f014730e654405141e94321fdb1.
There are two additional fixes related to binat rules:
- The specialnet fix allows firewall_nat_1to1.php to print <if> subnet rather than <if> subnets.
- The negated rule change fixes a regression with https://redmine.pfsense.org/issues/10752 which ignores the negate checkbox.
Updated by Danilo Zrenjanin about 1 year ago
I was able to reproduce the issue. The patch fixes it.
However, if you choose:
(External Subnet IP) - WAN address
(Internal IP) - LAN subnet
It will automatically update the External Subnet IP to the Interface subnet.
binat on em0 inet from 192.168.1.0/24 to any -> 192.168.33.200/24
While the GUI still shows the WAN address as a selection for the External Subnet IP:
I believe there is room for improvement.
Updated by Marcos M about 1 year ago
- Status changed from Feedback to Resolved
That particular behavior (mask-bit in the NAT address) is not new.
Updated by Jim Pingle about 1 year ago
- Target version changed from 2.8.0 to 2.7.1
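
A pre-load check for the two binat lines quoted in this issue, as an added example that is not part of the original report or of the pfSense code base: it flags a rule whose source or destination is empty (the `from to` case in the description) and notes a redirect target that carries a mask on a host address (the case in the follow-up comment, which the thread says is not new behavior). The name `lint_binat` and the sample text are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the two binat lines quoted in this issue, plus one clean rule.
SAMPLE_RULES = """\
binat on openvpn inet from to 172.25.1.0/24 -> 172.20.10.1
binat on em0 inet from 192.168.1.0/24 to any -> 192.168.33.200/24
binat on em0 inet from 192.168.1.0/24 to any -> 192.168.33.0/24
"""

def _between(tokens, start, end):
    """Tokens strictly between two keywords, or None if either keyword is missing."""
    try:
        i = tokens.index(start)
        j = tokens.index(end, i + 1)
    except ValueError:
        return None
    return tokens[i + 1:j]


def lint_binat(text):
    """Return (line_number, severity, message) for each suspicious binat line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        tokens = line.split()
        if not tokens or tokens[0] != "binat":
            continue
        src = _between(tokens, "from", "to")
        dst = _between(tokens, "to", "->")
        if src is None or dst is None:
            findings.append((lineno, "error", "missing from/to/-> keyword"))
            continue
        # A macro that expanded to nothing leaves "from to ..." with no address.
        if not [t for t in src if t != "!"]:
            findings.append((lineno, "error", "empty source address"))
        if not [t for t in dst if t != "!"]:
            findings.append((lineno, "error", "empty destination address"))
        # Redirect target: note a host address that still carries a subnet mask.
        for target in tokens[tokens.index("->") + 1:]:
            try:
                iface = ipaddress.ip_interface(target)
            except ValueError:
                continue  # interface name, table or macro: not checked here
            if "/" in target and iface.ip != iface.network.network_address:
                findings.append((lineno, "note", f"host bits set in {target}"))
    return findings


if __name__ == "__main__":
    print(*lint_binat(SAMPLE_RULES), sep="\n")
```

Run against a copy of the generated ruleset, this complements a parse-only check such as `pfctl -nf`, which reports the syntax error but not the mask-bit case.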