Bug #4296

closed

Using the same FQDN in multiple aliases causes static entries to be lost

Added by Jim Pingle almost 10 years ago. Updated over 9 years ago.

Status: Resolved
Priority: High
Assignee: Ermal Luçi
Category: Rules / NAT
Target version:
Start date: 01/25/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2
Affected Architecture:

Description

If aliases exist that have both FQDN entries and IP address or network entries, and the same FQDN entries are in multiple aliases, the alias is eventually cut down to only the resolved FQDN entries and the static entries are lost.

It is OK immediately after a filter reload, but eventually only the FQDN resolved entries remain.

One pair of aliases that can exhibit this behavior is:

        <alias>
            <name>AdminHosts</name>
            <address>10.93.223.0/25 10.93.223.128/27 10.93.221.0/27 10.93.223.192/26 10.93.220.30/32 server2.example.com 10.48.84.252/32 10.43.6.66/32 10.43.22.43/32 10.68.6.8/32 server1.example.com 10.19.14.160/28 192.0.2.0/24 192.168.10.0/24 10.95.22.253/32</address>
            <descr><![CDATA[Hosts that can access remote admin systems]]></descr>
            <type>network</type>
            <detail><![CDATA[Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah]]></detail>
        </alias>
        <alias>
            <name>Jim</name>
            <address>server1.example.com server2.example.com 10.68.6.8/32 10.19.14.160/28 192.0.2.0/24</address>
            <descr><![CDATA[Jim]]></descr>
            <type>network</type>
            <detail><![CDATA[Blah||Blah||Blah||Blah||Blah]]></detail>
        </alias>

DNS entries exist for server1.example.com (10.42.42.11) and server2.example.com (10.42.42.12)

    : cat /var/etc/filterdns.conf
    pf server2.example.com AdminHosts
    pf server1.example.com AdminHosts
    pf 10.93.223.0/25 AdminHosts
    pf 10.93.223.128/27 AdminHosts
    pf 10.93.221.0/27 AdminHosts
    pf 10.93.223.192/26 AdminHosts
    pf 10.93.220.30/32 AdminHosts
    pf 10.48.84.252/32 AdminHosts
    pf 10.43.6.66/32 AdminHosts
    pf 10.43.22.43/32 AdminHosts
    pf 10.68.6.8/32 AdminHosts
    pf 10.19.14.160/28 AdminHosts
    pf 192.0.2.0/24 AdminHosts
    pf 192.168.10.0/24 AdminHosts
    pf 10.95.22.253/32 AdminHosts
    pf server1.example.com Jim
    pf server2.example.com Jim
    pf 10.68.6.8/32 Jim
    pf 10.19.14.160/28 Jim
    pf 192.0.2.0/24 Jim

And this results in:

    : pfctl -T show -t Jim
       10.42.42.11
       10.42.42.12
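
An added example, not part of the original report and not pfSense code: a check that flags aliases matching the condition described above (static entries mixed with an FQDN that another alias also uses) and lists the static entries missing from a `pfctl -T show` dump. The function names and the trimmed sample data are constructed for illustration; the script assumes every alias token that is not an IP address or CIDR is an FQDN.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: the two aliases from the report, trimmed, plus a static-only one.
SAMPLE_CONFIG = """<aliases>
  <alias><name>AdminHosts</name>
    <address>10.93.223.0/25 server2.example.com 10.68.6.8/32 server1.example.com</address></alias>
  <alias><name>Jim</name>
    <address>server1.example.com server2.example.com 10.68.6.8/32 10.19.14.160/28 192.0.2.0/24</address></alias>
  <alias><name>StaticOnly</name><address>192.168.10.0/24</address></alias>
</aliases>"""

# Constructed sample: the `pfctl -T show -t Jim` output shown in the report.
SAMPLE_TABLE = "   10.42.42.11\n   10.42.42.12\n"


def to_net(token):
    """Return an ip_network for an IP/CIDR token, or None (assumed to be an FQDN)."""
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None


def split_aliases(config_xml):
    """Map alias name -> (set of static networks, set of FQDNs)."""
    out = {}
    for alias in ET.fromstring(config_xml).iter("alias"):
        tokens = (alias.findtext("address") or "").split()
        nets = {n for n in map(to_net, tokens) if n is not None}
        fqdns = {t.lower() for t in tokens if to_net(t) is None}
        out[alias.findtext("name")] = (nets, fqdns)
    return out


def exposed_aliases(config_xml):
    """Aliases that mix static entries with an FQDN also used by another alias."""
    aliases = split_aliases(config_xml)
    uses = Counter(f for _, fqdns in aliases.values() for f in fqdns)
    return sorted(name for name, (nets, fqdns) in aliases.items()
                  if nets and any(uses[f] > 1 for f in fqdns))


def missing_static(config_xml, alias_name, table_output):
    """Static entries configured for the alias but absent from the pf table dump."""
    nets, _ = split_aliases(config_xml)[alias_name]
    loaded = {to_net(l.strip()) for l in table_output.splitlines() if l.strip()}
    return sorted(str(n) for n in nets - loaded)
```

A non-empty result from `missing_static` for an alias used in pass rules means the hosts it lists no longer match those rules, so the check is worth running some time after a filter reload rather than immediately after it.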
