BUG? Source ports range as alias
-
Hi… I have troubles when I tru to use source port range with aliases... It looks like a bug.
Here are the steps to reproduce:
- Define few ports as alias. As example
Name MyPorts
Ports 25 and 110 - Add Firewall rule
Set 'Destination port range'
From (other) MyPorts
To (other) MyPorts
All other leave by default - Add second firewall rule
Set 'Source port range'
From (other) MyPorts
To (other) MyPorts
All other leave by default
Try to applay rules. And you got the following error:
There were error(s) loading the rules: /tmp/rules.debug:161: syntax errorpfctl: Syntax error in config file: pf rules not loaded - The line in question reads [161]: pass in quick on $INET proto tcp from any port { $MyPorts } to any flags S/SA keep state label "USER_RULE".
Here are (part of) /tmp/rules.debug:
MyPorts = "{ 25 110 }"
pass in quick on $INET proto tcp from any to any port $MyPorts flags S/SA keep state label "USER_RULE"
pass in quick on $INET proto tcp from any port { $MyPorts } to any flags S/SA keep state label "USER_RULE"Well … what you can see from here - the first rules was appl. sucessfuly the second one fail.
The difference in syntax is 2 { } arround $MyPorts
Probably this is the problem ?PS: Please take my appologies for my bad english…
- Define few ports as alias. As example
-
Is that already on RC3? I think something like that was fixed some time ago. In case you are not yet running RC3 please update and retest.
-
Yes.. This is on fresh install of PFSense 1.0 RC3 (1.0-RC3
built on Mon Oct 2 01:06:05 UTC 2006) -
Ok, we'll look into it. thanks for the great report btw.
-
I got another Bug on RC3 similar to this
when I enter in NAT a Source Port alias it will be also used in the Destination Field and you cannot get the Alias in the Destination Field away. The only way around is if I dont use the Alias in the source Port FIeld. Happens only whe you use an alias in the Source Field -
@tec:
I got another Bug on RC3 similar to this
when I enter in NAT a Source Port alias it will be also used in the Destination Field and you cannot get the Alias in the Destination Field away. The only way around is if I dont use the Alias in the source Port FIeld. Happens only whe you use an alias in the Source FieldNot a bug but a limitation. How would you shift portsaliases consisting of several ports to several other ports? If you use portsaliases you can't move them to other ports but only forward them 1:1.
-
In this particular case the PortAlias was consisting of one Port only and this worked on RC2
Alias "PC1RDP" had the Port 34621 in it, I selected this Alias as Source and wanted as Destinatination MSRDP. But he filled the Field with ""PC1RDP" -
In RC2 you were able to do this even if a portsalias coonsisted of more than one port which caused issues when using somethig else as internal destination port. To prevent this from happening we locked down the inputfields to be 1:1 mappings when using an alias.
-
Ok, sad to hear it but I have to live with it.
Cheers