Bug #8386

closed

Virtual IPs not considered as part of interface net

Added by Stefan Kooman over 6 years ago. Updated 5 months ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 03/22/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.2_1
Affected Architecture:
Description

Every network interface with IPs configured has a variable "INTERFACE net" which can be used in firewall rules to select all associated IPs on that interface. Currently, Virtual IPs (and/or virtual IP ranges) bound on an INTERFACE are not considered to be part of the "net" of that INTERFACE. I would expect that all associated IPs (be it virtual or not) should belong to the "net" of an interface. This can be worked around by creating a new alias which includes all network ranges and replacing the "INTERFACE net" variable in the ruleset, but this is error-prone, as future Virtual IPs might get forgotten to be added to this new alias.
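The alias workaround described in the report fails quietly when a Virtual IP is added later and the alias is not updated. The check below is an added example, not part of the original report or of pfSense: it lists the parts of each Virtual IP (single address or range) that a replacement alias does not cover. The function name, the alias contents and all addresses are constructed for illustration, and the inputs are plain lists rather than anything read from a firewall configuration.

```python
import ipaddress

def uncovered_vips(vips, alias_entries):
    """Map each VIP (address or CIDR range) to the sub-ranges the alias misses.

    vips and alias_entries are lists of strings such as "198.51.100.10" or
    "198.51.100.16/29". VIPs that are fully covered do not appear in the result.
    """
    alias_nets = [ipaddress.ip_network(e, strict=False) for e in alias_entries]
    gaps = {}
    for vip in vips:
        # Start with the whole VIP range and carve out whatever the alias covers.
        remaining = [ipaddress.ip_network(vip, strict=False)]
        for net in alias_nets:
            still_open = []
            for piece in remaining:
                if piece.version != net.version or not piece.overlaps(net):
                    still_open.append(piece)          # alias entry is unrelated
                elif piece.subnet_of(net):
                    continue                          # fully covered by this entry
                else:
                    # Overlapping CIDR blocks nest, so net lies inside piece here.
                    still_open.extend(piece.address_exclude(net))
            remaining = still_open
        if remaining:
            gaps[vip] = [str(n) for n in sorted(remaining)]
    return gaps

# Constructed sample: the interface's own subnet plus three Virtual IPs.
# The alias was written when only the first VIP and half of the range existed.
SAMPLE_VIPS = ["198.51.100.10/32", "198.51.100.16/29", "203.0.113.5/32"]
SAMPLE_ALIAS = ["192.0.2.0/24", "198.51.100.10", "198.51.100.16/30"]

if __name__ == "__main__":
    for vip, missing in uncovered_vips(SAMPLE_VIPS, SAMPLE_ALIAS).items():
        print(f"{vip}: not covered by alias -> {', '.join(missing)}")
```

Rules that reference the alias in place of "INTERFACE net" will not match traffic for any range this reports, so the check is worth rerunning whenever a Virtual IP is added or changed.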
