Project

General

Profile

Bug #3510

Rules Advanced Features Advanced Options allows various invalid data entry

Added by Phillip Davis almost 7 years ago. Updated almost 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Rules / NAT
Target version:
Start date:
03/06/2014
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.1
Affected Architecture:

Description

and the result is "there were errors loading the rules".
1) Maximum state entries this rule can create - (max 0) is allowed, -1, 1.1 and "a" are invalid
(hmmm - why would 0 zero be acceptable to pf? that would be equivalent to specifying "block" for the rule, wouldn't it?)
2) max-src-nodes, max-src-conn, max-src-states, max-src-conn-rate, tcp.established cannot be 0, -1, 1.1, "a" - it has to be a positive integer.
Needs data entry validation to prevent user foot-shooting.
I am happy to do this straight away.

Associated revisions

Revision 7b4d12dc
Added by Renato Botelho almost 7 years ago

Merge pull request #1021 from phil-davis/patch-6

Validate rule Advanced Options numeric entries, it should fix #3510

History

#1 Updated by Phillip Davis almost 7 years ago

Note: tcp.established is the pf parameter name, pfSense stores it in the rule as 'statetimeout'. The other parameters use the same name in the pfSense config as the pf rule.

#2 Updated by Anonymous almost 7 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Renato Botelho almost 7 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF