Describe the bug
If you create a rule with a port alias and then disable the port alias it uses, the rule is not disabled and is still working.
You can test it by validating the rule by trying to make a connection.
And if you log in using SSH to the OPNsense instance and run the command diff /tmp/rules.debug /tmp/rules.debug.old, no difference is shown.
In the documentation about aliases here https://docs.opnsense.org/manual/aliases.html, there is nothing about enabling or disabling aliases.
I used this page to manage aliases: /ui/firewall/alias
To Reproduce
Go to the alias page /ui/firewall/alias and create a port alias which is enabled
Go to the firewall rule page /firewall_rules.php?if=lan (or for another interface) and create a rule using this port alias
Check the rule is properly working
Disable the port alias and don't forget to apply
Check the rule again, it is still working
Expected behavior
The rule should not be working if port alias is disabled.
If you do the same test but with an IP alias instead of the port alias, you can see, using the command pfctl -t testip -T show, the list of IPs in the alias being added and removed when you enable or disable the IP alias. And the rules using it are properly disabled when the alias is disabled as well.
Describe alternatives you considered
Obviously, you can disable the rule directly to have it disabled, instead of disabling the port alias. But this is really confusing.
The documentation should be more explicit about what the alias disabling function is doing.
Relevant log files
I checked with diff /tmp/rules.debug /tmp/rules.debug.old, which shows no differences in the rules when disabling a port alias.
Environment
System is up to date on this day.
OPNsense 22.1.1_3-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021
Feel free to ask for more explanation or more information if something is unclear.
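An added example, not part of the original report and not OPNsense's own code: a Python audit that lists active firewall rules which still name a disabled port alias, the condition described above. The config.xml element layout, the way a disabled rule is marked, and the sample data are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout is an assumed config.xml structure, not from the report.
SAMPLE_CONFIG = """<opnsense>
 <OPNsense><Firewall><Alias><aliases>
  <alias><enabled>0</enabled><name>testport</name><type>port</type><content>8443</content></alias>
  <alias><enabled>1</enabled><name>webports</name><type>port</type><content>443</content></alias>
  <alias><enabled>0</enabled><name>testip</name><type>host</type><content>192.0.2.10</content></alias>
 </aliases></Alias></Firewall></OPNsense>
 <filter>
  <rule><type>pass</type><interface>lan</interface><descr>allow test service</descr>
   <destination><any>1</any><port>testport</port></destination></rule>
  <rule><type>pass</type><interface>lan</interface><descr>allow web</descr>
   <destination><any>1</any><port>webports</port></destination></rule>
  <rule><type>pass</type><interface>lan</interface><disabled>1</disabled><descr>old rule</descr>
   <destination><any>1</any><port>testport</port></destination></rule>
 </filter>
</opnsense>"""


def disabled_port_aliases(root):
    """Names of aliases with type 'port' and <enabled>0</enabled>."""
    return {
        (a.findtext("name") or "").strip()
        for a in root.findall("./OPNsense/Firewall/Alias/aliases/alias")  # assumed path
        if (a.findtext("type") or "").strip() == "port"
        and (a.findtext("enabled") or "1").strip() == "0"
    }


def rules_using_disabled_port_aliases(config_xml):
    """(descr, interface, side, alias) for active rules naming a disabled port alias."""
    root = ET.fromstring(config_xml)
    disabled = disabled_port_aliases(root)
    findings = []
    for rule in root.findall("./filter/rule"):
        if rule.find("disabled") is not None:  # assumed marker of a disabled rule
            continue
        for side in ("source", "destination"):
            port = (rule.findtext(f"{side}/port") or "").strip()
            if port and port in disabled:
                findings.append((rule.findtext("descr"), rule.findtext("interface"), side, port))
    return findings


if __name__ == "__main__":
    for descr, iface, side, alias in rules_using_disabled_port_aliases(SAMPLE_CONFIG):
        print(f"[{iface}] {descr!r}: {side} port uses disabled alias {alias!r}")
```

Each finding is a rule to review by hand, since on the version in this report disabling the port alias alone did not stop the rule from matching.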