Project

General

Profile

Actions
Copy link

Bug #412

closed

EasyRule doesn't work for non-TCP/UDP protocols

Added by Chris Buechler over 14 years ago. Updated over 14 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
Rules / NAT
Target version:
2.0
Start date:
03/09/2010
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

Example, trying to add a rule for OSPF: 

easyrule.php?action=pass&int=wan&proto=ospf&src=10.0.50.1&dst=224.0.0.5&dstport=

Results in: 

Status : EasyRule 

Message: Tried to pass invalid destination port:

Note I haven't tried every non-TCP or UDP protocol, but suspect everything that doesn't use ports is the same.

Actions
Copy link
 #1

Updated by Jim Pingle over 14 years ago

  • Assignee set to Jim Pingle
Actions
Copy link
 #2

Updated by Jim Pingle over 14 years ago

I explicitly test for ICMP and bypass that check. I wonder if it would be better to reverse that practice and only check ports when dealing with TCP and UDP, or any other protocols that require port numbers.

The only non-tcp/udp protocols which have entries in /etc/services showing port numbers are ddp and divert. I suppose I could add those into a list for checking ports.

Actions
Copy link
 #3

Updated by Chris Buechler over 14 years ago

Yeah that sounds best Jim, there are quite a few protocols without ports, and only two with. ddp and divert from services aren't actually services that will show up as having ports to PF.

Actions
Copy link
 #4

Updated by Anonymous over 14 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF