From dd07956c5e99648039c7090a7d9ef5631d5d8c79 Mon Sep 17 00:00:00 2001
From: Phil Davis <phil.davis@inf.org>
Date: Fri, 17 Jul 2015 23:05:06 +0545
Subject: Really avoid error loading rules for numeric host name in alias

Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". The webGUI reports:
There were error(s) loading the rules: /tmp/rules.debug:44: syntax error - The line in question reads [44]: table { 23 }
and /tmp/rules.debug has:
table { 23 }
Zqw = ""
which pf does not cope with.
This change will differentiate between a number in the context of a port alias and a number that is_hostname.
This time I think it really works :) The call to alias_get_type() needed to send the alias name as parameter. alias_get_type() is a bit expensive - it scans through the whole list of aliases looking for a match on the name. So I made this code just call it once for the name and then use that $alias_type var each time as it loops through all the addresses in an alias.
I have tried this successfully with a few combinations of nested port/host/network aliases. But maybe there is some wacky combination of nested aliases possible that could still break this? I don't see how, but it needs testing on some configs that have all sorts of nested alias types.
---
 etc/inc/filter.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'etc/inc')

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index ec65bad..7638a20 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -612,6 +612,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr
 	$builtlist = "";
 	$urltable_nesting = "";
 	$aliasnesting[$name] = $name;
+	$alias_type = alias_get_type($name);
 	foreach ($addresses as $address) {
 		if (empty($address)) {
 			continue;
@@ -639,7 +640,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr
 				$tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting);
 			}
 		} else if (!isset($aliasaddrnesting[$address])) {
-			if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && !is_portrange($address) && is_hostname($address)) {
+			if (!is_ipaddr($address) && !is_subnet($address) && !(($alias_type == 'port') && (is_port($address) || is_portrange($address))) && is_hostname($address)) {
 				if (!isset($filterdns["{$address}{$name}"])) {
 					$use_filterdns = true;
 					$filterdns["{$address}{$name}"] = "pf {$address} {$name}\n";
-- 
cgit v1.1