Bug #3560


Disabled Static Route not fully disabled

Added by Phillip Davis almost 10 years ago. Updated about 7 years ago.



Add a gateway to an internal router behind LAN. Add a static route to some private IPv4 subnet behind that gateway. Automatic Outbound NAT is enabled. The system defines a route in the routing table and includes that subnet in the "tonatsubnets" list in the pf rule set, and correctly NATs that subnet out on WAN - good stuff.
Now edit the static route, select "Disabled" and save, apply. The route is removed from the routing table - good. But "tonatsubnets" still contains the subnet and thus there are still NAT rule/s outbound for that subnet - should not be like that.
It looks like many bits of code do not check and process only the "enabled" static routes.
/etc/inc/ get_staticroutes() returns all routes, enabled or disabled.
For validation, that is probably good - e.g. when deleting an alias it is good to check if the alias is used even in a disabled static route.
But for live implementation code, just the enabled static routes should be returned for the caller to process and put into conf file, pf rule set...
Perhaps add a parameter so the caller can decide if they want all, or just the enabled static routes. Then adjust the existing calls to get_staticroutes().

Also, /etc/inc/ function services_dhcrelay6_configure() does some processing of $config['staticroutes']['route'] without ever filtering out "disabled" static routes. So that code is going to process static routes that are disabled, whatever side-effect that will have.

I looked at this because of forum where Dayid Alan noted that he resolved his issue by actually deleting a static route that had been just disabled. I expect that a review of the calls to get_staticroutes() as proposed above will result in this forum issue being fixed also.
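
An added example, not part of the original report and not pfSense's own code: a sketch of the proposed "all or enabled only" parameter, showing the validation path and the live NAT path reading the same route list differently. The function names, the `network`, `gateway` and `disabled` keys, and the sample routes are assumptions made for illustration.

```php
<?php
// Constructed sample standing in for $config['staticroutes']['route'].
// The 'network', 'gateway' and 'disabled' keys are assumptions for this sketch.
$sample_routes = [
    ['network' => '10.10.0.0/16',   'gateway' => 'LAN_ROUTER'],
    ['network' => '172.16.5.0/24',  'gateway' => 'LAN_ROUTER', 'disabled' => ''],
    ['network' => 'branch_offices', 'gateway' => 'LAN_ROUTER', 'disabled' => ''],
];

// Hypothetical helper: the caller chooses all routes or only the enabled ones.
function example_get_staticroutes(array $routes, bool $enabled_only = false): array
{
    if (!$enabled_only) {
        return $routes;
    }
    // array_values() re-indexes so callers can rely on 0..n-1 keys.
    return array_values(array_filter($routes, function ($route) {
        // Presence of the key marks the route disabled, even with an empty value.
        return !array_key_exists('disabled', $route);
    }));
}

// Live code path: only enabled routes feed the outbound NAT subnet list.
function example_tonatsubnets(array $routes): array
{
    return array_column(example_get_staticroutes($routes, true), 'network');
}

// Validation code path: an alias counts as in use even when its route is disabled.
function example_alias_in_use(array $routes, string $alias): bool
{
    $networks = array_column(example_get_staticroutes($routes), 'network');
    return in_array($alias, $networks, true);
}

// The disabled subnet and the disabled alias route stay out of the NAT list,
// while the alias is still reported as referenced for delete checks.
print_r(example_tonatsubnets($sample_routes));
var_dump(example_alias_in_use($sample_routes, 'branch_offices'));
```

Defaulting the parameter to "all routes" keeps existing callers unchanged, so each live-configuration call site has to opt in to the enabled-only view during the review of calls described above.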

