Project

General

Profile

Actions

Bug #3175

closed

<Firewall: NAT: Port Forward: Edit> takes range in "Redirect target port"

Added by Grischa Zengel over 11 years ago. Updated over 9 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
09/02/2013
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

If putting a range or an alias with a range in "Redirect target port" the rules crashes.
pfctl -s rules will be empty still after repairing this rule and reloading the rules.

There are more bugs:
  1. take range in field "Redirect target port".
  2. no rule is loaded if one rule crashes.
  3. If you use dst port 1-65535 to port 2 you will get: The target port range must be an integer between 1 and 65535.

If somebody fixing this I would like to redirect dst port 1-65535 to port 1111:1111. Is this possible?

Actions #1

Updated by Chris Buechler over 11 years ago

  • Status changed from New to Rejected

not a bug, how things are supposed to work.

Actions #2

Updated by Grischa Zengel over 11 years ago

The SEO will be amused if no rules are loaded and all ports are open.

Actions #3

Updated by Grischa Zengel over 11 years ago

The problem is is_port will be true even if there is a range. So you have explicitly test for a range.

if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']))) {

has to be like
if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']) && is_portrange($_POST['localbeginport']))) {

Actions #4

Updated by Grischa Zengel over 11 years ago

        if (!$input_errors) {
                if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
                        $input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
        }

Here I would write "The calculated target end port must be between 1 and 65535" then you understand what is wrong.

Actions #5

Updated by Chris Buechler over 9 years ago

  • Target version deleted (2.1)
Actions

Also available in: Atom PDF