Bug #412
closedEasyRule doesn't work for non-TCP/UDP protocols
100%
Description
Example, trying to add a rule for OSPF:
easyrule.php?action=pass&int=wan&proto=ospf&src=10.0.50.1&dst=224.0.0.5&dstport=
Results in:
Status : EasyRule Message: Tried to pass invalid destination port:
Note I haven't tried every non-TCP or UDP protocol, but suspect everything that doesn't use ports is the same.
Updated by Jim Pingle almost 15 years ago
I explicitly test for ICMP and bypass that check. I wonder if it would be better to reverse that practice and only check ports when dealing with TCP and UDP, or any other protocols that require port numbers.
The only non-tcp/udp protocols which have entries in /etc/services showing port numbers are ddp and divert. I suppose I could add those into a list for checking ports.
Updated by Chris Buechler almost 15 years ago
Yeah that sounds best Jim, there are quite a few protocols without ports, and only two with. ddp and divert from services aren't actually services that will show up as having ports to PF.
Updated by Anonymous almost 15 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Applied in changeset 998f77a81fd256a78f21e2af9a91be9bac1eb35e.