Project

General

Profile

Actions

Bug #3510

closed

Rules Advanced Features Advanced Options allows various invalid data entry

Added by Phillip Davis over 7 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Rules / NAT
Target version:
Start date:
03/06/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

and the result is "there were errors loading the rules".
1) Maximum state entries this rule can create - (max 0) is allowed, -1, 1.1 and "a" are invalid
(hmmm - why would 0 zero be acceptable to pf? that would be equivalent to specifying "block" for the rule, wouldn't it?)
2) max-src-nodes, max-src-conn, max-src-states, max-src-conn-rate, tcp.established cannot be 0, -1, 1.1, "a" - it has to be a positive integer.
Needs data entry validation to prevent user foot-shooting.
I am happy to do this straight away.

Actions #1

Updated by Phillip Davis over 7 years ago

Note: tcp.established is the pf parameter name, pfSense stores it in the rule as 'statetimeout'. The other parameters use the same name in the pfSense config as the pf rule.

Actions #2

Updated by Anonymous over 7 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Renato Botelho over 7 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF