Bug #3175
closed
<Firewall: NAT: Port Forward: Edit> takes range in "Redirect target port"
Added by Grischa Zengel over 10 years ago.
Updated almost 9 years ago.
Description
If putting a range or an alias with a range in "Redirect target port" the rules crashes.
pfctl -s rules will be empty still after repairing this rule and reloading the rules.
There are more bugs:
- take range in field "Redirect target port".
- no rule is loaded if one rule crashes.
- If you use dst port 1-65535 to port 2 you will get: The target port range must be an integer between 1 and 65535.
If somebody fixing this I would like to redirect dst port 1-65535 to port 1111:1111. Is this possible?
- Status changed from New to Rejected
not a bug, how things are supposed to work.
The SEO will be amused if no rules are loaded and all ports are open.
The problem is is_port will be true even if there is a range. So you have explicitly test for a range.
if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']))) {
has to be like
if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']) && is_portrange($_POST['localbeginport']))) {
if (!$input_errors) {
if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
}
Here I would write "The calculated target end port must be between 1 and 65535" then you understand what is wrong.
- Target version deleted (
2.1)
Also available in: Atom
PDF
Updated by 
Updated by