Bug #283
Outbound NAT entry on disabled interface generates invalid ruleset
Status: closed
Start date: 01/05/2010
% Done: 0%
Affected Version: 2.0
Description
Where there are outbound NAT rules for a disabled OPT interface, an invalid ruleset is generated. Example NAT rule:
    <rule>
      <source>
        <network>192.168.1.0/24</network>
      </source>
      <sourceport/>
      <descr>LAN</descr>
      <target/>
      <interface>opt1</interface>
      <destination>
        <any/>
      </destination>
      <natport/>
      <dstport/>
    </rule>
When OPT1 is disabled, it adds a broken NAT rule:
    nat on $OPT1 from 192.168.1.0/24 to any -> (opt1) port 1024:65535
Leaving you with:
    /tmp/rules.debug:51: macro 'OPT1' not defined
    /tmp/rules.debug:51: syntax error
Because this:
$if_friendly = convert_friendly_interface_to_friendly_descr($if);
returns disabled interfaces as well. Not sure of best fix.
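
The failure reported above, modelled as an added example (not pfSense code and not the project's fix): macros are emitted only for enabled interfaces, so a NAT rule bound to a disabled one references an undefined macro unless the generator skips it. The interface table, device names, and the functions `build_ruleset` and `undefined_macros` are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the rule from the report (trimmed) and an assumed interface table.
RULE_XML = """<rule><source><network>192.168.1.0/24</network></source>
<descr>LAN</descr><interface>opt1</interface><destination><any/></destination></rule>"""
INTERFACES = {  # hypothetical: friendly name -> (device, enabled)
    "wan": ("em0", True),
    "lan": ("em1", True),
    "opt1": ("em2", False),
}

def build_ruleset(rules_xml, interfaces, skip_disabled):
    """Emit macros for enabled interfaces, then one nat line per rule."""
    lines = [f'{name.upper()} = "{dev}"'
             for name, (dev, enabled) in interfaces.items() if enabled]
    for xml_text in rules_xml:
        rule = ET.fromstring(xml_text)
        iface = rule.findtext("interface")
        src = rule.findtext("source/network")
        usable = iface in interfaces and interfaces[iface][1]
        if skip_disabled and not usable:
            continue  # guard: no macro will exist for this interface
        lines.append(f"nat on ${iface.upper()} from {src} to any "
                     f"-> ({iface}) port 1024:65535")
    return lines

def undefined_macros(lines):
    """Return (line_no, macro) for each $MACRO used without a prior definition."""
    defined, problems = set(), []
    for no, line in enumerate(lines, 1):
        definition = re.match(r"\s*(\w+)\s*=", line)
        if definition:
            defined.add(definition.group(1))
            continue
        for macro in re.findall(r"\$(\w+)", line):
            if macro not in defined:
                problems.append((no, macro))
    return problems

if __name__ == "__main__":
    for guard in (False, True):
        rules = build_ruleset([RULE_XML], INTERFACES, skip_disabled=guard)
        print(f"skip_disabled={guard}:", undefined_macros(rules) or "ok")
```
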