author | Phil Davis <phil.davis@inf.org> | 2015-07-17 23:05:06 +0545 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-07-18 12:58:34 -0300 |
commit | 49fc1967c6f754cb39995893cf64b9a1d3c063f1 (patch) | |
tree | 86b4c5084557ac982fbb2c10e69161a2f8ccce66 | |
parent | 642e925fa19b33a3fce2015dd869433c885b1d07 (diff) | |
Really avoid error loading rules for numeric host name in alias
Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". The webGUI reports:
There were error(s) loading the rules: /tmp/rules.debug:44: syntax error - The line in question reads [44]: table { 23 }
and /tmp/rules.debug has:
table { 23 }
Zqw = ""
which pf does not cope with.
This change will differentiate between a number in the context of a port alias and a number that is_hostname.
This time I think it really works :) The call to alias_get_type() needed to send the alias name as parameter. alias_get_type() is a bit expensive - it scans through the whole list of aliases looking for a match on the name. So I made this code just call it once for the name and then use that $alias_type var each time as it loops through all the addresses in an alias.
I have tried this successfully with a few combinations of nested port/host/network aliases. But maybe there is some wacky combination of nested aliases possible that could still break this? I don't see how, but it needs testing on some configs that have all sorts of nested alias types.
-rw-r--r-- | etc/inc/filter.inc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index f58cdd9..6a8e4c1 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -575,6 +575,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr $builtlist = ""; $urltable_nesting = ""; $aliasnesting[$name] = $name; + $alias_type = alias_get_type($name); foreach ($addresses as $address) { if (empty($address)) continue; @@ -600,7 +601,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr else if(!isset($aliasnesting[$address])) $tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting); } else if(!isset($aliasaddrnesting[$address])) { - if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && !is_portrange($address) && is_hostname($address)) { + if (!is_ipaddr($address) && !is_subnet($address) && !(($alias_type == 'port') && (is_port($address) || is_portrange($address))) && is_hostname($address)) { if (!isset($filterdns["{$address}{$name}"])) { $use_filterdns = true; $filterdns["{$address}{$name}"] = "pf {$address} {$name}\n"; |
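Review bot: In the first hunk, `$alias_type = alias_get_type($name);` is keyed on `$name`, but the recursive call visible in the second hunk's context passes that same `$name` down (`filter_generate_nested_alias($name, $aliastable[$address], ...)`). Every nested level therefore repeats the lookup and gets the type of the top-level alias, not of the nested alias being expanded. If that is the intent, a short comment saying so would help. The value could also be computed once by the caller and passed in, which avoids repeating the scan that the commit message describes as expensive.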
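Review bot: The rewritten condition in the second hunk is long enough that the port exception is easy to misread. Consider naming it, for example `$is_port_entry = ($alias_type == 'port') && (is_port($address) || is_portrange($address));`, and then testing `!$is_port_entry && is_hostname($address)` after the IP and subnet checks. A one-line comment would record the intent: a bare number such as 23 is treated as a hostname and handed to filterdns unless the alias is a port alias. A strict `===` comparison on the type string would also be safer than `==`.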