Bug #8039


Invalid characters in static IP description will not resolve upon correction

Added by Diedrich Guenther over 6 years ago. Updated over 6 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:


I created a few dozen static IPs in the DHCP Server. A handful of those had descriptive names such as "Diedrich's laptop". I was never warned that the ' symbol was not allowed. The mapping was saved. I then went to edit/create a NAT Port Forwarding rule and was denied the ability because

The following input errors were detected:

    Invalid characters detected <AB:xx:12>Yes<CD:xx:34>Yes<EF:xx:56>Yes<GH:xx:78>Yes. Please remove invalid characters and save again.

I then went back to the offending static addresses and took out the ' in each of the descriptive names, resaved, applied the changes, but with no luck. I then did a full reboot - no luck. One of the descriptive names didn't even have a ' so I'm a bit confused as to what could be blocking the firewall rule edit and creation.

Actions #1

Updated by Jim Thompson over 6 years ago

  • Assignee set to Anonymous
Actions #2

Updated by Anonymous over 6 years ago

  • Assignee changed from Anonymous to Anonymous
  • Target version set to 2.4.2
Actions #3

Updated by Clinton Cory over 6 years ago

I attempted to replicate this on a SG-2220 running Factory 2.4.2-DEV box but it seems to work just fine. I used static DHCP mapping description as well.
- Fresh install of pfSense 2.4.2-DEV
- Services - DHCP Server - LAN
- Created a new mapping with a description of Diedrich's laptop, assigned it an IP of, then saved
- Navigated to Firewall - NAT - Portward and created a NAT port forward to the static mapped IP of without issue

Based on the fact that removing the descriptions, reboot, etc..does not solve the issue for the OP, I suspect this is a different issue altogether.

Diedrich, are you able to replicate this on another system or fresh install? Are you creating static IPv4 or IPv6 mappings?

Actions #4

Updated by Diedrich Guenther over 6 years ago

You will have to mark this as 'could not replicate'. I blasted the installation and will have to try again in the future; I ran into a separate issue with my wife's employer email being blocked - she could not send any emails through their web client nor Exchange. The mail is I had to give up and go back to our ASUS router for fear of getting a divorce.

Actions #5

Updated by Jim Pingle over 6 years ago

The static mapping wouldn't have anything to do with the port forward page.

The error on the port forward page is likely from the way it attempts to sanitize everything in $_REQUEST. Somehow your browser is/was sending junk to the page when loading it. See source:src/usr/local/www/firewall_nat_edit.php#L144

Since cookie data can exist in $_REQUEST, it may have been a leftover value from some other previous router.

The sanitizing code in firewall_nat_edit.php should really only look at variables actually used by the page instead of trying to take that shortcut.

Actions #6

Updated by Anonymous over 6 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #7

Updated by Anonymous over 6 years ago

On pfSense-netgate-memstick-ADI-2.4.2-DEVELOPMENT-amd64-20171108-1341 could not reproduce the bad behavior.

Actions #8

Updated by Jim Pingle over 6 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF