Actions
Bug #3175
closed<Firewall: NAT: Port Forward: Edit> takes range in "Redirect target port"
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
09/02/2013
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
Description
If putting a range or an alias with a range in "Redirect target port" the rules crashes.
pfctl -s rules will be empty still after repairing this rule and reloading the rules.
- take range in field "Redirect target port".
- no rule is loaded if one rule crashes.
- If you use dst port 1-65535 to port 2 you will get: The target port range must be an integer between 1 and 65535.
If somebody fixing this I would like to redirect dst port 1-65535 to port 1111:1111. Is this possible?
Updated by Chris Buechler over 11 years ago
- Status changed from New to Rejected
not a bug, how things are supposed to work.
Updated by Grischa Zengel over 11 years ago
The SEO will be amused if no rules are loaded and all ports are open.
Updated by Grischa Zengel over 11 years ago
The problem is is_port will be true even if there is a range. So you have explicitly test for a range.
if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']))) {
has to be like
if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']) && is_portrange($_POST['localbeginport']))) {
Updated by Grischa Zengel over 11 years ago
if (!$input_errors) { if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) $input_errors[] = gettext("The target port range must be an integer between 1 and 65535."); }
Here I would write "The calculated target end port must be between 1 and 65535" then you understand what is wrong.
Actions