Bug #283

closed

Outbound NAT entry on disabled interface generates invalid ruleset

Added by Chris Buechler almost 15 years ago. Updated almost 15 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version:
Start date: 01/05/2010
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:

Description

Where there are outbound NAT rules for a disabled OPT interface, an invalid ruleset is generated. Example, NAT rule:

                        <rule>
                                <source>
                                        <network>192.168.1.0/24</network>
                                </source>
                                <sourceport/>
                                <descr>LAN</descr>
                                <target/>
                                <interface>opt1</interface>
                                <destination>
                                        <any/>
                                </destination>
                                <natport/>
                                <dstport/>
                        </rule>

When OPT1 is disabled, it adds a broken NAT rule:

nat on $OPT1 from 192.168.1.0/24 to any -> (opt1) port 1024:65535

Leaving you with:

    /tmp/rules.debug:51: macro 'OPT1' not defined
    /tmp/rules.debug:51: syntax error

Because this:

    $if_friendly = convert_friendly_interface_to_friendly_descr($if);

returns disabled interfaces as well. Not sure of best fix.
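
The failure reported above is a `$OPT1` reference with no matching macro definition. As an added example (not part of the original report and not pfSense code), this Python check scans a generated ruleset for macros that are used before they are defined, which is the condition behind the "macro not defined" error; the sample ruleset and its interface names are constructed.

```python
import re

# pf macro names start with a letter and may contain letters, digits and underscores.
MACRO_DEF = re.compile(r'^\s*([A-Za-z][A-Za-z0-9_]*)\s*=')
MACRO_REF = re.compile(r'\$([A-Za-z][A-Za-z0-9_]*)')

# Constructed sample modelled on the rule in this report; em0/em1 are assumed names.
SAMPLE = '''\
# constructed sample ruleset
LAN = "{ em0 }"
WAN = "{ em1 }"
nat on $WAN from 192.168.1.0/24 to any -> (em1) port 1024:65535
nat on $OPT1 from 192.168.1.0/24 to any -> (opt1) port 1024:65535
'''


def undefined_macros(ruleset):
    """Return (line_number, macro_name) for every $macro used before its definition."""
    defined = set()
    problems = []
    for lineno, raw in enumerate(ruleset.splitlines(), start=1):
        # Simplification: treat everything after '#' as a comment.
        line = raw.split('#', 1)[0]
        m = MACRO_DEF.match(line)
        # On a definition line, only the right-hand side can contain references.
        body = line[m.end():] if m else line
        for ref in MACRO_REF.findall(body):
            if ref not in defined:
                problems.append((lineno, ref))
        # Register the macro after scanning its value, so self-references are flagged.
        if m:
            defined.add(m.group(1))
    return problems


if __name__ == "__main__":
    for lineno, name in undefined_macros(SAMPLE):
        print(f"line {lineno}: macro '{name}' not defined")
```

Running a check like this against the generated file before it is loaded catches a rule that references a disabled interface's macro without leaving the firewall with a ruleset that fails to parse.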
