Bug #3560


Disabled Static Route not fully disabled

Added by Phillip Davis over 10 years ago. Updated over 7 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:


Add a gateway to an internal router behind LAN. Add a static route to some private IPv4 subnet behind that gateway. Automatic Outbound NAT is enabled. The system defines a route in the routing table and includes that subnet in "tonatsubnets" list in the pf rule set, and correctly NATs that subnet out on WAN good stuff.
Now edit the static route, select "Disabled" and save, apply. The route is removed from the routing table - good. But "tonatsubnets" still contains the subnet and thus there are still NAT rule/s outbound for that subnet - should not be like that.
It looks like many bits of code do not check and process only the "enabled" static routes.
/etc/inc/ get_staticroutes() returns all routes, enabled or disabled.
For validation, that is probably good - e.g. when deleting an alias it is good to check if the alias is used even in a disabled static route.
But for live implementation code, just the enabled static routes should be returned for the caller to process and put into conf file, pf rule set...
Perhaps add a parameter so the caller can decide if they want all, or just the enabled static routes. Then adjust the existing calls to get_staticroutes().

Also, /etc/inc/ function services_dhcrelay6_configure() does some processing of $config['staticroutes']['route'] without ever filtering out "disabled" static routes. So that code is going to process static routes that are disabled, whatever side-effect that will have.

I looked at this because of forum where Dayid Alan noted that he resolved his issue by actually deleting a static route that had been just disabled. I expect that a review of the calls to get_staticroutes() as proposed above will result in this forum issue being fixed also.

Actions #1

Updated by Phillip Davis over 10 years ago

I didn't bother putting a target version on this, IMHO I wouldn't hold up any release for this! The simple workaround is just to actually delete the static route, rather than only disabling it.

Actions #2

Updated by Phillip Davis over 10 years ago

After doing testing, I deleted my static route. But there was no subsystem-dirty prompt to apply the change. The pf rule set "tonatsubnets" list still contained the subnet from the static route. After deleting the gateway, I got the apply button, and that rebuilt the pf rule set and "tonatsubnets" correctly lost the deleted static route.

Actions #3

Updated by Chris Buechler almost 9 years ago

  • Status changed from New to Confirmed
  • Priority changed from Normal to Low
  • Affected Version changed from 2.1 to All
Actions #5

Updated by Renato Botelho over 7 years ago

  • Status changed from Confirmed to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.4.0
  • % Done changed from 0 to 100

PR has been merged, thanks!

Actions #6

Updated by Jim Pingle over 7 years ago

  • Status changed from Feedback to Resolved


Actions #7

Updated by Jim Pingle over 7 years ago

  • Target version changed from 2.4.0 to 2.3.3

Also available in: Atom PDF