[For some reason the 'New Issue' button on redmine is no longer visible
to me, so I'll record this minor issue here]
When creating a network alias which contains an IPv6 address, some
additional data validation is required. Specifically, it lets you enter
the following:
Firewall > Aliases > [+]
Name: foo
Type: Network(s)
Network(s): [+]
[fc00:123::/48 ] [ /48 ]
This happened to me for real when copy-pasting a subnet into the first
field.
The data is accepted, and the alias then has value "fc00:123::/48/48".
However, this prevents the ruleset from loading. More seriously, the
entire ruleset is left empty. That is: after clicking Apply, 'pfctl -sr'
shows nothing at all, and the firewall is open.
If you then navigate to another page, you do see an error notification:
"
02-10-14 17:11:31 <https://localhost:9902/firewall_aliases.php#> [
There were error(s) loading the rules: /tmp/rules.debug:26: syntax error
- The line in question reads [26]: table { fc00:123::/48/48 } ]
<https://localhost:9902/firewall_aliases.php#>
"
You can fix or delete the offending alias to correct the problem.
Suggestion: either reject an alias which contains /nnn, or else use the
/nnn part to override the CIDR drop-down selector (which would be
convenient for copy-pasting aliases).
Regards,
Brian.
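
The two options in the suggestion above, sketched as an added example in Python. This is not code from the original message or from pfSense. The function and parameter names are hypothetical, and it assumes alias entries are IP literals only (no hostnames).

```python
import ipaddress


class AliasEntryError(ValueError):
    """Raised when an alias entry cannot be turned into one valid CIDR."""


def normalize_alias_entry(address_field, selector_bits, allow_override=True):
    """Combine the address text box and the CIDR drop-down into 'addr/bits'.

    allow_override=False rejects any address that already carries '/nnn'.
    allow_override=True lets a pasted '/nnn' replace the drop-down value.
    """
    text = address_field.strip()
    addr_part, slash, pasted_bits = text.partition("/")
    if slash:
        if not allow_override:
            raise AliasEntryError(f"address must not contain a prefix: {text!r}")
        # A second '/' (as in 'fc00:123::/48/48') leaves '48/48' here and fails.
        if not (pasted_bits.isascii() and pasted_bits.isdigit()):
            raise AliasEntryError(f"malformed prefix length in {text!r}")
        bits = int(pasted_bits)
    else:
        bits = int(selector_bits)
    try:
        addr = ipaddress.ip_address(addr_part)
    except ValueError as exc:
        raise AliasEntryError(f"not an IP address: {addr_part!r}") from exc
    if not 0 <= bits <= addr.max_prefixlen:
        raise AliasEntryError(f"/{bits} is out of range for IPv{addr.version}")
    return f"{addr}/{bits}"


def invalid_table_entries(values):
    """Return stored alias values that are not one valid address or CIDR.

    Intended as a second check before the values are written into a ruleset
    table line, so an entry saved earlier cannot break the whole load.
    """
    bad = []
    for value in values:
        try:
            ipaddress.ip_network(value, strict=False)
        except ValueError:
            bad.append(value)
    return bad
```
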