Project

General

Profile

Bug #412

EasyRule doesn't work for non-TCP/UDP protocols

Added by Chris Buechler over 9 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Rules/NAT
Target version:
Start date:
03/09/2010
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.0
Affected Architecture:

Description

Example, trying to add a rule for OSPF:

easyrule.php?action=pass&int=wan&proto=ospf&src=10.0.50.1&dst=224.0.0.5&dstport=

Results in:

Status : EasyRule 

Message: Tried to pass invalid destination port: 

Note I haven't tried every non-TCP or UDP protocol, but suspect everything that doesn't use ports is the same.

Associated revisions

Revision 998f77a8 (diff)
Added by jim-p over 9 years ago

Fix EasyRule port check so it is only tested when the protocol is TCP or UDP. Resolves #412
While I'm here, make EasyRule put a description in when writing the config so it shows up properly in the config history.

History

#1 Updated by Jim Pingle over 9 years ago

  • Assignee set to Jim Pingle

#2 Updated by Jim Pingle over 9 years ago

I explicitly test for ICMP and bypass that check. I wonder if it would be better to reverse that practice and only check ports when dealing with TCP and UDP, or any other protocols that require port numbers.

The only non-tcp/udp protocols which have entries in /etc/services showing port numbers are ddp and divert. I suppose I could add those into a list for checking ports.

#3 Updated by Chris Buechler over 9 years ago

Yeah that sounds best Jim, there are quite a few protocols without ports, and only two with. ddp and divert from services aren't actually services that will show up as having ports to PF.

#4 Updated by Anonymous over 9 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF