Bug #3939

Cannot create Host or Network type alias with an IP address/range

Added by Landon Timothy almost 4 years ago. Updated almost 4 years ago.

Status: Resolved
Priority: High
Category: Rules/NAT
Target version:
Start date: 10/15/2014
Due date:
% Done: 100%
Estimated time:
Affected Version: All
Affected Architecture:

Description

Affects 2.1.5 release as well as the latest 2.2 build - pfSense-LiveCD-2.2-BETA-amd64-20141015-1437.iso

Repro steps:
Clean install or LiveCD boot.

Create new Host or Network type alias.
With FQDN only - pfctl -T show -t alias shows the resolved IP list.
Add IP/Network to the alias - pfctl -T show -t alias shows 'Table does not exist.'

Table is never created when using only IP/Network for alias.

Upgraded configurations from 2.1.x work, but new aliases created have the issue.

Associated revisions

Revision d9b05eb4 (diff)
Added by Renato Botelho almost 4 years ago

When an alias contains hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939

History

#1 Updated by Chris Buechler almost 4 years ago

  • Category set to Rules/NAT
  • Status changed from New to Confirmed
  • Priority changed from Normal to High
  • Target version set to 2.2

Confirmed as described. Create a new host alias containing only "example.com", save and apply changes.

# host example.com 
example.com has address 93.184.216.119
example.com has IPv6 address 2606:2800:220:6d:26bf:1447:1097:aa7
# pfctl -t TestAlias -T show 
   93.184.216.119
   2606:2800:220:6d:26bf:1447:1097:aa7

That's correct. Now edit that alias, and add an IP address in the second box. Save and apply changes.

# pfctl -t TestAlias -T show
pfctl: Table does not exist.

#2 Updated by Chris Buechler almost 4 years ago

  • Affected Version set to 2.2
  • Affected Documentation 1 added

#3 Updated by Renato Botelho almost 4 years ago

  • Assignee set to Renato Botelho

#4 Updated by Renato Botelho almost 4 years ago

  • Affected Version changed from 2.2 to 2.1.x

#5 Updated by Chris Buechler almost 4 years ago

  • Affected Version changed from 2.1.x to All

#6 Updated by Renato Botelho almost 4 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

Please try next snapshots

#8 Updated by Chris Buechler almost 4 years ago

  • Assignee changed from Renato Botelho to Chris Buechler

to me for testing

#9 Updated by Chris Buechler almost 4 years ago

  • Status changed from Feedback to Resolved

works

#10 Updated by Renato Botelho almost 4 years ago

  • Status changed from Resolved to Assigned
  • Assignee changed from Chris Buechler to Renato Botelho

Ermal pointed out that the function I disabled is needed in some specific cases. I'm reviewing.

#11 Updated by Renato Botelho almost 4 years ago

  • Status changed from Assigned to Feedback

New snapshots will contain last filterdns code

#12 Updated by Chris Buechler almost 4 years ago

  • Assignee changed from Renato Botelho to Chris Buechler

to me for testing

#13 Updated by Chris Buechler almost 4 years ago

  • Status changed from Feedback to Resolved

fixed

#14 Updated by Landon Timothy almost 4 years ago

It looks like there is still an issue with this.
If I create a new alias with 2 networks and 2 FQDNs, all expected entries are in the table.
Add another FQDN and some (or all) of the networks are removed, but the resolved FQDNs stay in the table.
The resolver log shows messages like these:

filterdns: Different hostnames(10.0.0.0 - www.pfsense.org) resolve to same ip address
filterdns: Different hostnames(172.16.0.0 - www.pfsense.org) resolve to same ip address
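
Both failure modes reported in this ticket (the table not existing, and static networks dropping out of a mixed alias) can be checked by comparing the alias definition with the output of `pfctl -t <alias> -T show`. The script below is an added example, not code from the ticket or from pfSense; the alias entries, prefix lengths, resolved address and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data modelled on the ticket, not captured from a real system.
ALIAS_ENTRIES = ["10.0.0.0/8", "172.16.0.0/12", "www.pfsense.org"]
TABLE_OK = "   10.0.0.0/8\n   172.16.0.0/12\n   203.0.113.10\n"
TABLE_DROPPED = "   203.0.113.10\n"            # networks gone, resolved host remains
TABLE_MISSING = "pfctl: Table does not exist.\n"


def split_alias(entries):
    """Separate static IP/network entries from hostnames left to the resolver."""
    static, hostnames = [], []
    for entry in entries:
        try:
            static.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hostnames.append(entry)
    return static, hostnames


def parse_table(output):
    """Parse `pfctl -t <alias> -T show` text (stdout and stderr combined).

    Returns None when pfctl reports that the table does not exist.
    """
    if "Table does not exist" in output:
        return None
    table = set()
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            table.add(ipaddress.ip_network(line, strict=False))
        except ValueError:
            pass  # ignore lines that are not plain addresses or networks
    return table


def audit_alias(entries, output):
    """Report static alias entries that are absent from the pf table."""
    static, hostnames = split_alias(entries)
    table = parse_table(output)
    present = table if table is not None else set()
    return {
        "table_exists": table is not None,
        "missing_static": [str(n) for n in static if n not in present],
        "hostnames": hostnames,
    }
```

A non-empty `missing_static` list, or `table_exists` being false, means rules that reference the alias are not matching the configured networks.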
