Actions
Bug #1882
closed
Invalid pf rule generated from a port forward with dest=any on an interface with ip=none
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
09/16/2011
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:
Description
If you have an interface with an IP type of "none", and then create a port forward on that interface with a destination of "any", it leads to an invalid ruleset.
Config snip of the offending port forward:
<rule>
<source>
<any/>
</source>
<destination>
<any/>
<port>80</port>
</destination>
<protocol>tcp</protocol>
<target>192.168.1.55</target>
<local-port>80</local-port>
<interface>opt1</interface>
<descr/>
<associated-rule-id>nat_4e738285d7c807.89552620</associated-rule-id>
<value>default</value>
</rule>
Leads to these rules:
rdr on vr2 proto tcp from any to any port 80 -> 192.168.1.55 no nat on vr2 proto tcp from (vr2) to / nat on vr2 proto tcp from / to 192.168.1.55 port 80 -> (vr2)
Updated by 
Updated by
Actions