Deleting all IP from an alias leaves the last ip in the alias table

  • Hi,

    Using 2.0-RC1 from march 7

    Just tried to make a Firewall rule matching an alias of IP addresses.

    Steps I did to reapeat the problem:
    1. Create the alias "test"
    2. Create the firewall rule "ruletest", assigned the source IP field with "test" alias
    3. Populated the "test" alias with just one IP (192.168.x.x)
    4. Tested the functionality of the rule: it worked fine for 192.168.x.x
    5. Deleted the 192.168.x.x IP from "test" alias
    6. Tested that the firewall rule doesn't match anymore with that IP: Failed, the rule still consider 192.168.x.x part of that Alias.
    7. Go to the "test" alias edit page: no IP is shown here, is empty
    8. Listed in Diagnostics>Tables the "test" alias and the deleted IP (192.168.x.x) is shown here

    There is no errors, and I have cliced "Apply changes" every time it appeared.

  • Rebel Alliance Developer Netgate

    Very interesting, and I can confirm this does happen. When you delete the last IP from an alias, the rules.debug correctly contains no IPs in the alias, but the pf table still holds the last IP.

    It would appear the GUI and backend code is doing the right thing, but perhaps an extra step is needed to flush the table in this specific case when an alias is emptied out.

    However, it's rare that someone would be leaving an such alias empty.

Log in to reply