Bug #8410

unable to use registered services by name and unable to define aliases for registered services using their name

Added by lists b 12 months ago. Updated 11 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Rules/NAT
Target version:
Start date: 03/31/2018
Due date:
% Done: 100%
Estimated time:
Affected Version: All
Affected Architecture: All

Description

related to some degree to bug 8409, i've found that i'm unable to create aliases for registered services using their actual name - for example, mdns [udp/5353]. this led me to expect that, when creating a firewall rule, i would be able to use the symbolic name for this service [e.g. "mdns"], rather than having to use the port number integer [e.g. "5353"]. however, this does not appear to work. pfsense doesn't complain, but ignores what has been provided and sets the port field to "any".

if registered services cannot be defined using aliases, then their existing symbolic names from the services(5) database should be available for use [to me it would make sense to use the autocomplete mechanism for this, since inclusion in the port drop down would be impractical].

conversely, if registered services cannot be referenced by symbolic name, then an admin should be able to define an alias for a given service.

Associated revisions

Revision 885e9b2a (diff)
Added by Jim Pingle 12 months ago

Correct pconfig_to_address() so its logic matches the input validation used for checking port numbers. Fixes #8410

Revision 39ee89ab (diff)
Added by Jim Pingle 11 months ago

Correct pconfig_to_address() so its logic matches the input validation used for checking port numbers. Fixes #8410

(cherry picked from commit 885e9b2a1df256f4d50367f96b4d39c1106b2448)

History

#1 Updated by Jim Pingle 12 months ago

  • Category set to Rules/NAT
  • Status changed from New to Assigned
  • Assignee set to Jim Pingle
  • Target version set to 2.4.4
  • Affected Version set to All
  • Affected Architecture set to All

It should be rejecting that input rather than switching to 'any'. The only text allowed in those boxes should be valid alias names.

#2 Updated by Jim Pingle 12 months ago

is_port() from /etc/inc/util.inc tests a string against known services by name to determine validity, not just numbers. Then pconfig_to_address() checks the value in such a way that it must be a numeric port number or an alias, ignoring the well-known/registered service ports that the input validation allowed earlier. Thus it ends up empty.

I have a fix, will push shortly.
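A simplified model of the mismatch described in notes #1 and #2, as an added example that is not pfSense code: the function names, the service table and the alias are constructed for illustration. It shows how a storage step with a narrower test than the validator turns an accepted service name into "any", next to a version that reuses the validator and rejects instead.

```python
# Simplified model of the validation/storage mismatch; not pfSense source.
# All names are hypothetical and the tables below are constructed sample data.
SERVICES = {"ssh": 22, "mdns": 5353}   # stand-in for the services(5) database
ALIASES = {"web_ports": [80, 443]}     # stand-in for a user-defined port alias


def is_numeric_port(value):
    """True for a decimal port number in 1..65535."""
    return value.isascii() and value.isdigit() and 1 <= int(value) <= 65535


def validate_port_input(value):
    """Form validation: accepts a number, a known service name, or an alias."""
    return is_numeric_port(value) or value in SERVICES or value in ALIASES


def store_port_mismatched(value):
    """Storage step with a narrower test than validation: number or alias only.
    Anything else leaves the port unset, which the rule then treats as 'any'."""
    if is_numeric_port(value) or value in ALIASES:
        return value
    return None  # unset port -> rule matches any port


def store_port_consistent(value):
    """Storage step that reuses the validator and rejects instead of widening."""
    if not validate_port_input(value):
        raise ValueError(f"invalid port or alias: {value!r}")
    return value


def silently_widened(inputs, store):
    """Inputs that pass validation but end up stored as 'any'."""
    return [v for v in inputs if validate_port_input(v) and store(v) is None]


if __name__ == "__main__":
    samples = ["5353", "mdns", "ssh", "web_ports"]  # constructed inputs
    print("mismatched:", silently_widened(samples, store_port_mismatched))
    print("consistent:", silently_widened(samples, store_port_consistent))
```

Running `silently_widened` over every value the validator accepts is a cheap regression check for this class of bug: any non-empty result is a rule that would be saved broader than the admin typed it.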

#3 Updated by Jim Pingle 12 months ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100

#4 Updated by James Dekker 12 months ago

Tested on latest 2.4.4 CE snapshot gitsync'd to master, works as expected. Setting port to other and using the name, like 'ssh', then saving the rule does not result in the port being set to any.

#5 Updated by Jim Pingle 12 months ago

  • Status changed from Feedback to Resolved

#6 Updated by Jim Pingle 11 months ago

  • Target version changed from 2.4.4 to 2.4.3_1
