Project

General

Profile

Actions
Copy link

Bug #16445

open

Attempting to edit a firewall rule using ID that does not exist displays default parameters instead of an error

Added by aleksei prokofiev 8 days ago. Updated 5 days ago.

Status:
Confirmed
Priority:
Very Low
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

If rule ID is not match any of presented on firewall it will be always shows TCP pass rule on interfaces.
It is not limited WG or Tailscale but for for clarity I provide steps to reproduce issue with these packages.
Steps:
1. Install WG and Tailscale
2. No configured it, there is no pass rule on WG and Tailscale


3. Open https://x.x.x.x/firewall_rules_edit.php?id=150 where is ID should be not match any rule and it always will open WG TCP pass rule

https://x.x.x.x/firewall_rules_edit.php?id=100

4. If you remove WG and repeat the https://x.x.x.x/firewall_rules_edit.php?id=100 in this time it will Tailscale TCP pass rule

5. If you remove Tailscale and repeat the https://x.x.x.x/firewall_rules_edit.php?id=100 in this time it will WAN TCP pass rule

I am not sure if it just cosmetic issue or really hidden pass rule.
Tested on
25.07.1-RELEASE (amd64)
built on Wed Aug 20 16:17:00 +04 2025
FreeBSD 15.0-CURRENT

Files

Download all files
clipboard-202509240914-j7ciz.png (34.8 KB) clipboard-202509240914-j7ciz.png aleksei prokofiev, 09/24/2025 06:14 AM
clipboard-202509240914-4emye.png (35.6 KB) clipboard-202509240914-4emye.png aleksei prokofiev, 09/24/2025 06:14 AM
clipboard-202509240916-w77sv.png (118 KB) clipboard-202509240916-w77sv.png aleksei prokofiev, 09/24/2025 06:16 AM
clipboard-202509240916-7hbx8.png (118 KB) clipboard-202509240916-7hbx8.png aleksei prokofiev, 09/24/2025 06:17 AM
clipboard-202509240918-aftb6.png (118 KB) clipboard-202509240918-aftb6.png aleksei prokofiev, 09/24/2025 06:18 AM
clipboard-202509240921-jylod.png (117 KB) clipboard-202509240921-jylod.png aleksei prokofiev, 09/24/2025 06:21 AM
clipboard-202509241002-voxw4.png (118 KB) clipboard-202509241002-voxw4.png aleksei prokofiev, 09/24/2025 07:02 AM
Actions
Copy link
 #1

Updated by aleksei prokofiev 8 days ago

Looks like it is acting to start to create new rule when you open https://x.x.x.x/firewall_rules_edit.php?id=100
if you press save the rule will be created
Also ID can be any count https://x.x.x.x/firewall_rules_edit.php?id=1000000000

Actions
Copy link
 #2

Updated by Jim Pingle 8 days ago

  • Subject changed from Rule ID incorrect behaviour to Attempting to edit a firewall rule using ID that does not exist displays default parameters instead of an error
  • Priority changed from High to Very Low
  • Target version deleted (25.07.1)

Those are just the default values for the form fields, nothing hidden/special. Same as if you clicked the button to create a new rule, it just didn't have a hint of which interface to select since it wasn't "on" a tab.

Though if the ID doesn't exist it should probably throw an error saying the rule doesn't exist rather than showing a blank form.

The only way that would happen is by manually changing the ID in the URL, not by navigating anywhere in the GUI, which isn't really supported. It would be nice to throw an error here instead, though.

Actions
Copy link
 #3

Updated by Kris Phillips 5 days ago

  • Status changed from New to Confirmed

This also isn't restricted to Wireguard or Tailscale. This happens for any rule number you choose for any interface. If Tailscale and Wireguard aren't configured or present, it will default to WAN.

Marking Confirmed.

Actions
Copy link

Also available in: Atom PDF