Bug #283

Outbound NAT entry on disabled interface generates invalid ruleset

Added by Chris Buechler over 9 years ago. Updated over 9 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Rules/NAT
Target version:
Start date: 01/05/2010
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.0
Affected Architecture:

Description

Where there are outbound NAT rules for a disabled OPT interface, an invalid ruleset is generated. Example, NAT rule:

                        <rule>
                                <source>
                                        <network>192.168.1.0/24</network>
                                </source>
                                <sourceport/>
                                <descr>LAN</descr>
                                <target/>
                                <interface>opt1</interface>
                                <destination>
                                        <any/>
                                </destination>
                                <natport/>
                                <dstport/>
                        </rule>

When OPT1 is disabled, it adds a broken NAT rule:

    nat on $OPT1 from 192.168.1.0/24 to any -> (opt1) port 1024:65535

Leaving you with:

    /tmp/rules.debug:51: macro 'OPT1' not defined
    /tmp/rules.debug:51: syntax error

Because this:

    $if_friendly = convert_friendly_interface_to_friendly_descr($if);

returns disabled interfaces as well. Not sure of best fix.
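One way to catch this condition before the ruleset is generated is to check an exported config.xml offline. This is an added example, not code from the ticket or from the project. The `<interfaces>` layout, the `<enable/>` marker, the `nat/advancedoutbound` path and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the first rule mirrors the one quoted in the ticket.
# Assumption: an interface is enabled only if it has an <enable/> child.
SAMPLE_CONFIG = """
<pfsense>
  <interfaces>
    <wan><enable/><if>em0</if></wan>
    <lan><enable/><if>em1</if></lan>
    <opt1><if>em2</if></opt1>
  </interfaces>
  <nat>
    <advancedoutbound>
      <rule>
        <source><network>192.168.1.0/24</network></source>
        <descr>LAN</descr>
        <interface>opt1</interface>
        <destination><any/></destination>
      </rule>
      <rule>
        <source><network>192.168.1.0/24</network></source>
        <descr>LAN to WAN</descr>
        <interface>wan</interface>
      </rule>
    </advancedoutbound>
  </nat>
</pfsense>
"""

def enabled_interfaces(root):
    """Names of interfaces that carry the (assumed) <enable/> marker."""
    return {i.tag for i in root.iterfind("./interfaces/*") if i.find("enable") is not None}

def split_outbound_nat(xml_text):
    """Return (emit, skip): rules safe to render, and rules whose interface
    is disabled or undefined, so its pf macro would not exist."""
    root = ET.fromstring(xml_text)
    enabled = enabled_interfaces(root)
    emit, skip = [], []
    for rule in root.iterfind("./nat/advancedoutbound/rule"):
        iface = (rule.findtext("interface") or "").strip()
        entry = (iface, rule.findtext("source/network"), rule.findtext("descr"))
        (emit if iface in enabled else skip).append(entry)
    return emit, skip

if __name__ == "__main__":
    emit, skip = split_outbound_nat(SAMPLE_CONFIG)
    for iface, net, descr in skip:
        print(f"skip '{descr}' ({net}): ${iface.upper()} would be undefined")
    print("emit:", emit)
```
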

Associated revisions

Revision acfcea97 (diff)
Added by Ermal Luçi over 9 years ago

Ticket #283. Do not create Inbound(rdr) nat rules for disabled interfaces.

History

#1 Updated by Ermal Luçi over 9 years ago

  • Status changed from New to Feedback

#2 Updated by Chris Buechler over 9 years ago

  • Status changed from Feedback to Resolved

fixed
