Bug #412

closed

EasyRule doesn't work for non-TCP/UDP protocols

Added by Chris Buechler almost 12 years ago. Updated over 11 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Rules / NAT
Target version:
Start date: 03/09/2010
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:

Description

Example, trying to add a rule for OSPF:

easyrule.php?action=pass&int=wan&proto=ospf&src=10.0.50.1&dst=224.0.0.5&dstport=

Results in:

Status : EasyRule 

Message: Tried to pass invalid destination port: 

Note I haven't tried every non-TCP or UDP protocol, but suspect everything that doesn't use ports is the same.

Actions #1

Updated by Jim Pingle over 11 years ago

  • Assignee set to Jim Pingle

Actions #2

Updated by Jim Pingle over 11 years ago

I explicitly test for ICMP and bypass that check. I wonder if it would be better to reverse that practice and only check ports when dealing with TCP and UDP, or any other protocols that require port numbers.

The only non-tcp/udp protocols which have entries in /etc/services showing port numbers are ddp and divert. I suppose I could add those into a list for checking ports.

Actions #3

Updated by Chris Buechler over 11 years ago

Yeah that sounds best Jim, there are quite a few protocols without ports, and only two with. ddp and divert from services aren't actually services that will show up as having ports to PF.

Actions #4

Updated by Anonymous over 11 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
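
The approach agreed on in the comments above (validate ports only for TCP and UDP, instead of special-casing ICMP) can be sketched as follows. This is an added example, not the pfSense easyrule code: the function and constant names are hypothetical, and rejecting a port supplied for a port-less protocol is an assumption of this sketch.

```php
<?php
// Added illustration; NOT the pfSense easyrule implementation.
// PORT_PROTOCOLS and validate_proto_port() are hypothetical names.

// Allow-list of protocols whose rules carry port numbers.
// Everything else (ospf, icmp, ...) is treated as port-less.
const PORT_PROTOCOLS = ['tcp', 'udp'];

/**
 * Validate the proto/dstport pair of a pass request.
 * Returns [true, port-or-null] on success, [false, message] on failure.
 */
function validate_proto_port(string $proto, string $dstport): array
{
    $proto   = strtolower(trim($proto));
    $dstport = trim($dstport);

    // Restrict the protocol name to a conservative character set.
    if (!preg_match('/^[a-z0-9-]{1,16}$/', $proto)) {
        return [false, 'Invalid protocol'];
    }

    if (!in_array($proto, PORT_PROTOCOLS, true)) {
        // Port-less protocol: an empty dstport is the normal case.
        // Assumption of this sketch: a supplied port is an error.
        if ($dstport !== '') {
            return [false, "Protocol {$proto} does not use ports"];
        }
        return [true, null];
    }

    // TCP/UDP: require a decimal integer in 1..65535.
    if (!preg_match('/^[0-9]{1,5}$/', $dstport)) {
        return [false, "Tried to pass invalid destination port: {$dstport}"];
    }
    $port = (int) $dstport;
    if ($port < 1 || $port > 65535) {
        return [false, "Tried to pass invalid destination port: {$dstport}"];
    }
    return [true, $port];
}

// Constructed sample inputs; the first mirrors the OSPF request in the report.
$samples = [['ospf', ''], ['tcp', '443'], ['udp', ''], ['tcp', '70000'], ['ospf', '89']];
foreach ($samples as [$proto, $dstport]) {
    [$ok, $result] = validate_proto_port($proto, $dstport);
    printf("%-5s dstport='%s' => %s\n", $proto, $dstport,
        $ok ? 'accept' : "reject ({$result})");
}
```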