Bug #8310

closed

Firewall ACL fails to parse / validate host alias entries after tenth entry in alias

Added by Francisco Artes over 7 years ago. Updated over 7 years ago.

Status: Not a Bug
Priority: Normal
Assignee:
Category: Rules / NAT
Target version: -
Start date: 02/03/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.2
Affected Architecture: All

Description

This can be recreated 100% of the time.

When writing an ACL on the firewall, if I use a host alias as source or destination and I add more than 10 host entries to the alias, pfSense ignores any other host in the alias after the tenth entry. E.g., entries 1... 10 are recognized and the ACL triggers when the event is presented to the firewall. Entries 11... + are ignored and the ACL is not triggered, forcing the firewall to look through the rest of the rules to find a match, and eventually the traffic is blocked due to no exception existing outside the default block rule.

Whether the host is a /32 or a /8 doesn't matter... it will process the first ten entries regardless of their CIDR / scope. So it appears to be an issue with parsing the alias list further than the tenth position in the string.
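One way to check a report like this on the firewall itself is to compare what was configured in the alias against what pf actually loaded into the backing table (`pfctl -t <alias> -T show` lists the table's members). The script below is an added example, not code from this bug report or from the pfSense project; the alias members and the `pfctl` output it contains are constructed samples in which only the first ten of twelve members appear in the table. Hostname members are reported separately because they are resolved by the firewall at runtime and cannot be compared offline.

```python
"""Audit a pfSense alias: report configured members that are absent from the loaded pf table.

Usage on a firewall (assumed workflow, not pfSense's own tooling):
    pfctl -t MyHosts -T show > table.txt
    then call audit_alias(configured_members, open("table.txt").read())
"""
import ipaddress

# Constructed sample: the twelve members entered in the alias (hosts and networks mixed),
# plus one hostname member, which only the firewall's resolver can expand.
CONFIGURED_ALIAS = [
    "10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5",
    "10.0.0.6", "10.0.0.7", "10.0.0.8", "192.168.10.0/24", "172.16.0.0/12",
    "10.0.0.11", "10.0.0.12", "host.example.com",
]

# Constructed sample of `pfctl -t <alias> -T show` output: only the first ten members loaded.
# pf prints host entries without a prefix length and network entries with one.
PFCTL_TABLE_OUTPUT = """\
   10.0.0.1
   10.0.0.2
   10.0.0.3
   10.0.0.4
   10.0.0.5
   10.0.0.6
   10.0.0.7
   10.0.0.8
   192.168.10.0/24
   172.16.0.0/12
"""


def to_network(entry):
    """Normalise a host or CIDR string to an ip_network ("10.0.0.1" becomes 10.0.0.1/32).
    Returns None for anything that is not an address or prefix, e.g. a hostname."""
    try:
        return ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return None


def parse_table_output(text):
    """Parse `pfctl -T show` output into a set of ip_network objects."""
    loaded = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # pf tables may carry negated entries ("!10.0.0.9"); compare the address itself.
        net = to_network(line.lstrip("!"))
        if net is not None:
            loaded.add(net)
    return loaded


def audit_alias(configured, table_text):
    """Compare configured alias members with the loaded table.

    Returns a dict with:
      missing    - configured address/prefix members absent from the table
      unresolved - hostname members that could not be compared offline
      extra      - table members not in the configured list (for hostname members,
                   their resolved addresses will show up here)
    """
    loaded = parse_table_output(table_text)
    missing, unresolved, expected = [], [], set()
    for entry in configured:
        net = to_network(entry)
        if net is None:
            unresolved.append(entry)
            continue
        expected.add(net)
        if net not in loaded:
            missing.append(entry)
    extra = sorted(str(n) for n in loaded - expected)
    return {"missing": missing, "unresolved": unresolved, "extra": extra}


if __name__ == "__main__":
    report = audit_alias(CONFIGURED_ALIAS, PFCTL_TABLE_OUTPUT)
    for key, values in report.items():
        print(f"{key}: {values if values else 'none'}")
```

If `missing` is empty for an alias that still seems not to match, the problem is not the alias itself and the rule order, interface, or direction is the next place to look.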

Actions #1

Updated by Anonymous over 7 years ago

  • Assignee set to Anonymous
  • Target version set to 2.4.3

Actions #2

Updated by Anonymous over 7 years ago

  • Assignee changed from Anonymous to Jim Pingle

Actions #3

Updated by Jim Pingle over 7 years ago

  • Status changed from New to Not a Bug
  • Target version deleted (2.4.3)

I can't reproduce this with host or network aliases. I tried up to 50 entries in an alias and every entry worked as expected. I used IP addresses, I used hostnames, everything worked as expected.

Please post on the forum or Reddit to discuss the problem and hopefully find out the actual underlying issue on your firewall.
