Bug #8575

IPv6 NPt field order bug?

Added by Donn Lasher 9 months ago. Updated 9 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Rules/NAT
Target version:
Start date: 06/14/2018
Due date:
% Done: 100%
Estimated time:
Affected Version: All
Affected Architecture: All

Description

Hoping this isn't a duplicate of 6985, but appears to be related.

Running 2.4.3_1, appears adding a new NPt creates a broken rule, which prevents loading rules with a syntax error:

There were error(s) loading the rules: /tmp/rules.debug:195: syntax error - The line in question reads [195]: binat on $HURRICANETUNNELCA inet6 from to any -> 2001:xxx:xxxx:20::/64
2018-06-14 08:57:47
There were error(s) loading the rules: /tmp/rules.debug:195: syntax error - The line in question reads [195]: binat on $HURRICANETUNNELCA inet6 from to any -> 2001:xxx:xxxx:20::/64
2018-06-14 08:57:48

Output from /tmp/rules.debug:
binat on $HURRICANETUNNELCA inet6 from to any -> 2001:xxx:xxxx:20::/64
binat on $HURRICANETUNNELCA inet6 from any to 2001:xxx:xxxx:20::/64 ->
binat on $HURRICANETUNNELWA inet6 from to any -> 2001:xxx:xxxx:20::/64
binat on $HURRICANETUNNELWA inet6 from any to 2001:xxx:xxxx:20::/64 ->

I’m guessing the “FROM” in lines 1 & 3 shouldn’t be empty. The config in the UI isn’t empty, either initially, or when I go back to edit the NPt rule.

REFERENCES:
https://forum.netgate.com/topic/131924/firewall-rules-bug/5
https://redmine.pfsense.org/issues/6985
https://redmine.pfsense.org/issues/7712

Associated revisions

Revision feccd385 (diff)
Added by Jim Pingle 9 months ago

Validate NPt IPv6 address input and do not use invalid stored settings in rules. Fixes #8575

Revision 29e8d025 (diff)
Added by Jim Pingle 9 months ago

Validate NPt IPv6 address input and do not use invalid stored settings in rules. Fixes #8575

(cherry picked from commit feccd385d737ffd8c61ca977ee4d3dfa23c1aadc)

History

#1 Updated by Jim Pingle 9 months ago

  • Category set to Rules/NAT
  • Assignee set to Jim Pingle
  • Target version set to 2.4.4
  • Affected Version set to All
  • Affected Architecture set to All

Looks like invalid input caused it, needs some validation. Commit is on its way.

#2 Updated by Jim Pingle 9 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Jim Pingle 9 months ago

  • Status changed from Feedback to Resolved
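
The kind of validation this issue calls for, as an added example (not pfSense's code and not the contents of commit feccd385): both NPt prefixes are checked before any `binat` line is written, and an entry with an unusable stored value is skipped rather than emitted half-filled. The entry layout (`interface`, `internal`, `external`, `descr`), both function names and the sample prefixes are assumptions made for this sketch.

```python
import ipaddress

def valid_ipv6_prefix(value):
    """Return the canonical IPv6 prefix string, or None if the value is unusable."""
    text = str(value).strip()
    # Require an explicit prefix length so a bare address is not read as /128.
    if "/" not in text:
        return None
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None
    return str(net) if net.version == 6 else None

def build_npt_rules(entries):
    """Build binat rule pairs; never emit a line with an empty or invalid prefix."""
    rules, skipped = [], []
    for entry in entries:
        internal = valid_ipv6_prefix(entry.get("internal", ""))
        external = valid_ipv6_prefix(entry.get("external", ""))
        if internal is None or external is None:
            # Invalid stored setting: leave it out so the ruleset still loads.
            skipped.append(entry.get("descr", "(no description)"))
            continue
        iface = entry["interface"]
        rules.append(f"binat on {iface} inet6 from {internal} to any -> {external}")
        rules.append(f"binat on {iface} inet6 from any to {external} -> {internal}")
    return rules, skipped

# Constructed sample entries (hypothetical layout, documentation/ULA prefixes).
SAMPLE_ENTRIES = [
    {"descr": "good", "interface": "$TUNNEL_A",
     "internal": "fd12:3456:789a:20::/64", "external": "2001:db8:0:20::/64"},
    # Empty internal prefix: the condition behind the broken lines in the report.
    {"descr": "empty-internal", "interface": "$TUNNEL_A",
     "internal": "", "external": "2001:db8:0:20::/64"},
    # IPv4 value stored in an IPv6-only field.
    {"descr": "ipv4-internal", "interface": "$TUNNEL_B",
     "internal": "192.0.2.0/24", "external": "2001:db8:0:20::/64"},
]

if __name__ == "__main__":
    rules, skipped = build_npt_rules(SAMPLE_ENTRIES)
    print("\n".join(rules))
    print("skipped:", skipped)
```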