diff options
| author | Phil Davis <phil.davis@inf.org> | 2015-07-17 23:05:06 +0545 |
|---|---|---|
| committer | Phil Davis <phil.davis@inf.org> | 2015-07-17 23:05:06 +0545 |
| commit | dd07956c5e99648039c7090a7d9ef5631d5d8c79 (patch) | |
| tree | 21df86e8f008e57daf10293afae70eefc26038dc /etc | |
| parent | faaab0885d68e6422885e1c3d56985992e909474 (diff) | |
| download | pfsense-dd07956c5e99648039c7090a7d9ef5631d5d8c79.zip pfsense-dd07956c5e99648039c7090a7d9ef5631d5d8c79.tar.gz | |
Really avoid error loading rules for numeric host name in alias
Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". The webGUI reports:
There were error(s) loading the rules: /tmp/rules.debug:44: syntax error - The line in question reads [44]: table { 23 }
and /tmp/rules.debug has:
table { 23 }
Zqw = ""
which pf does not cope with.
This change will differentiate between a number in the context of a port alias and a number that is_hostname.
This time I think it really works :) The call to alias_get_type() needed to send the alias name as parameter. alias_get_type() is a bit expensive - it scans through the whole list of aliases looking for a match on the name. So I made this code just call it once for the name and then use that $alias_type var each time as it loops through all the addresses in an alias.
I have tried this successfully with a few combinations of nested port/host/network aliases. But maybe there is some wacky combination of nested aliases possible that could still break this? I don't see how, but it needs testing on some configs that have all sorts of nested alias types.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index ec65bad..7638a20 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -612,6 +612,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr $builtlist = ""; $urltable_nesting = ""; $aliasnesting[$name] = $name; + $alias_type = alias_get_type($name); foreach ($addresses as $address) { if (empty($address)) { continue; @@ -639,7 +640,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr $tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting); } } else if (!isset($aliasaddrnesting[$address])) { - if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && !is_portrange($address) && is_hostname($address)) { + if (!is_ipaddr($address) && !is_subnet($address) && !(($alias_type == 'port') && (is_port($address) || is_portrange($address))) && is_hostname($address)) { if (!isset($filterdns["{$address}{$name}"])) { $use_filterdns = true; $filterdns["{$address}{$name}"] = "pf {$address} {$name}\n"; |
