Bug #4296: Using the same FQDN in multiple aliases causes static entries to be lost - pfSense - pfSense bugtracker

Actions

Copy link

Bug #4296

closed

Using the same FQDN in multiple aliases causes static entries to be lost

Added by Jim Pingle almost 10 years ago. Updated over 9 years ago.

Status:

Resolved

Priority:

High

Assignee:

Ermal Luçi

Category:

Rules / NAT

Target version:

2.2.3

Start date:

01/25/2015

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.2

Affected Architecture:

Description

If aliases exist that have both FQDN entries and IP address or network entries, and the same FQDN entries are in multiple aliases, the alias is eventually cut down to only the resolved FQDN entries and the static entries are lost.

It is OK immediately after a filter reload, but eventually only the FQDN resolved entries remain.

One pair of aliases that can exhibit this behavior is:

        <alias>
            <name>AdminHosts</name>
            <address>10.93.223.0/25 10.93.223.128/27 10.93.221.0/27 10.93.223.192/26 10.93.220.30/32 server2.example.com 10.48.84.252/32 10.43.6.66/32 10.43.22.43/32 10.68.6.8/32 server1.example.com 10.19.14.160/28 192.0.2.0/24 192.168.10.0/24 10.95.22.253/32</address>
            <descr><![CDATA[Hosts that can access remote admin systems]]></descr>
            <type>network</type>
            <detail><![CDATA[Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah||Blah]]></detail>
        </alias>
        <alias>
            <name>Jim</name>
            <address>server1.example.com server2.example.com 10.68.6.8/32 10.19.14.160/28 192.0.2.0/24</address>
            <descr><![CDATA[Jim]]></descr>
            <type>network</type>
            <detail><![CDATA[Blah||Blah||Blah||Blah||Blah]]></detail>
        </alias>

DNS entries exist for server1.example.com (10.42.42.11) and server2.example.com (10.42.42.12)

: cat /var/etc/filterdns.conf 
pf server2.example.com AdminHosts
pf server1.example.com AdminHosts
pf 10.93.223.0/25 AdminHosts
pf 10.93.223.128/27 AdminHosts
pf 10.93.221.0/27 AdminHosts
pf 10.93.223.192/26 AdminHosts
pf 10.93.220.30/32 AdminHosts
pf 10.48.84.252/32 AdminHosts
pf 10.43.6.66/32 AdminHosts
pf 10.43.22.43/32 AdminHosts
pf 10.68.6.8/32 AdminHosts
pf 10.19.14.160/28 AdminHosts
pf 192.0.2.0/24 AdminHosts
pf 192.168.10.0/24 AdminHosts
pf 10.95.22.253/32 AdminHosts
pf server1.example.com Jim
pf server2.example.com Jim
pf 10.68.6.8/32 Jim
pf 10.19.14.160/28 Jim
pf 192.0.2.0/24 Jim

And this results in:

: pfctl -T show -t Jim
   10.42.42.11
   10.42.42.12

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #4296

Using the same FQDN in multiple aliases causes static entries to be lost

Updated by Ermal Luçi almost 10 years ago

Updated by Chris Buechler over 9 years ago

Updated by Ermal Luçi over 9 years ago

Updated by Chris Buechler over 9 years ago

Updated by Bipin Chandra over 9 years ago

Updated by Jim Pingle over 9 years ago

Updated by Ermal Luçi over 9 years ago

Updated by Jim Pingle over 9 years ago