Disabling port alias does nothing #5594

Closed
2 tasks done
vdavy opened this issue Feb 23, 2022 · 4 comments

vdavy commented Feb 23, 2022

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

If you create a rule with a port alias, when you disable the used port alias, the rule is not disabled and still works.
You can test it by validating the rule by trying to make a connection.
And if you log in using SSH to the OPNsense instance and run the command diff /tmp/rules.debug /tmp/rules.debug.old, no difference is shown.

In the documentation about aliases here https://docs.opnsense.org/manual/aliases.html, there is nothing about the enabled state of aliases.
I used this page to manage aliases: /ui/firewall/alias

To Reproduce

  1. Go to the alias page /ui/firewall/alias and create a port alias which is enabled
  2. Go to the firewall rule page /firewall_rules.php?if=lan (or for another interface) and create a rule using this port alias
  3. Check the rule is properly working
  4. Disable the port alias and don't forget to apply
  5. Check the rule again, it is still working

Expected behavior

The rule should not be working if the port alias is disabled.

If you do the same test but with an IP alias instead of the port alias, you can see, using the command pfctl -t testip -T show, the list of IPs in the alias being added and removed when you enable or disable the IP alias. And the rules using it are properly disabled when the alias is disabled too.

Describe alternatives you considered

Obviously, you can disable the rule directly to have it disabled, instead of disabling the port alias. But this is really confusing.
The alias disabling function should be more explicit in the documentation about what it is doing.

Relevant log files

I checked the following logs: diff /tmp/rules.debug /tmp/rules.debug.old shows no differences in the rules when disabling a port alias.

Environment

System is up to date on this day.

  • OPNsense 22.1.1_3-amd64
  • FreeBSD 13.0-STABLE
  • OpenSSL 1.1.1m 14 Dec 2021

Feel free to ask for more explanation or more information if something is unclear.
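
A check for the condition reported above, as an added example that is not part of the original issue or of OPNsense: it lists the pass rules in a pf ruleset dump that still match a given port, which is more direct than diffing two dumps. It assumes the file uses pf.conf syntax with literal port numbers; the function names and the sample ruleset are constructed for illustration.

```shell
# Added example (not OPNsense code); function names are hypothetical.
# rules_passing_port FILE PORT
# Print each "pass" rule in FILE (pf.conf syntax, literal ports) whose port
# list contains PORT, as a single value or inside a low:high range.
# Source and destination ports are both checked. Exit 0 on any match, else 1.
rules_passing_port() {
    awk -v want="$2" '
        /^[ \t]*#/   { next }                 # skip comments
        $1 != "pass" { next }                 # only rules that allow traffic
        {
            line = $0; hit = 0
            # Walk every "port <value>" or "port { list }" in the rule.
            while (match(line, /[ \t]port[ \t]+([{][^}]*[}]|[^ \t]+)/)) {
                spec = substr(line, RSTART + 5, RLENGTH - 5)
                gsub(/[{},]/, " ", spec)
                n = split(spec, tok, " ")
                for (i = 1; i <= n; i++) {
                    if (tok[i] == want) hit = 1
                    if (split(tok[i], r, ":") == 2 &&
                        want + 0 >= r[1] + 0 && want + 0 <= r[2] + 0) hit = 1
                }
                line = substr(line, RSTART + RLENGTH)
            }
            if (hit) { print; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample ruleset, for illustration only.
write_sample_rules() {
    cat <<'EOF'
# constructed sample
block in log on em0 proto tcp from any to any port 9000
pass in quick on em0 proto tcp from any to any port { 8080 8443 } keep state
pass in quick on em0 proto tcp from any to any port 8000:8010 keep state
pass in quick on em1 proto udp from any to any port 53 keep state
EOF
}

# Demo: ports an operator believes were closed by disabling an alias.
tmp=$(mktemp) && write_sample_rules > "$tmp"
for p in 8443 8005 9000; do
    if rules_passing_port "$tmp" "$p" >/dev/null; then echo "port $p: still passed"; else echo "port $p: no pass rule"; fi
done
rm -f "$tmp"
```

On a firewall, the file argument would be /tmp/rules.debug and the ports would be those listed in the disabled alias.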

@AdSchellevis AdSchellevis self-assigned this Feb 23, 2022
@AdSchellevis AdSchellevis added the bug Production bug label Feb 23, 2022
@AdSchellevis
Member

@vdavy 88837ed should fix the issue. Easy to try locally using opnsense-patch 88837ed on a console. Thanks for reporting!

@AdSchellevis
Member

needs 99c70a5 on top of 88837ed, install both using opnsense-patch 88837ed 99c70a5

vdavy commented Feb 24, 2022

I have just tested it and it works perfectly.

2 questions please:

  • any idea when this fix will be available for update in the repos?
  • should I remove the patch (with opnsense-patch -e) before the next update, or is this not necessary?

Thanks a lot for your quick fix and happy to help on such an amazing software. Keep going!

@AdSchellevis
Member

@vdavy thanks for letting us know.

An update will overwrite the files, just keep an eye on the change log to know if it's in. Could be the next release or the one after.

fichtner pushed a commit that referenced this issue Feb 28, 2022
…s ignored. closes #5594

(cherry picked from commit 88837ed)
(cherry picked from commit 99c70a5)