Enhancement #3045
Port forward: limit validator for Allow field
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-firewall-base | | |
| Target version: | v6.6 | | |
| Resolution: | | NEEDINFO: | No |
Description
The current validator allows any value inside the Allow field. This choice gives much freedom to the user, who can use any syntax allowed by Shorewall (see: http://www.shorewall.net/4.2/manpages/shorewall-rules.html).
But many users fail to insert a valid syntax inside the above field, causing a broken configuration.
To avoid problems, the new validator will allow only a comma-separated list of IPs or networks in CIDR format.
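Added example (not NethServer's own validator code): a strict check for the field format described above, which rejects anything that is not a plain address or CIDR network before it can reach /etc/shorewall/rules. The function name, the IPv4-only scope, the tolerance for spaces around commas and the rejection of networks with host bits set are assumptions; the sample values are constructed.

```python
import ipaddress


class AllowFieldError(ValueError):
    """Raised when the Allow field is not a list of IPs or CIDR networks."""


def parse_allow_field(value):
    """Return the normalized entries of a comma-separated Allow field.

    Assumptions (not from the issue): IPv4 only, spaces around commas are
    tolerated, and a network must not have host bits set. Empty entries
    (including an empty field or a trailing comma) are rejected.
    """
    entries = []
    for raw in value.split(","):
        item = raw.strip(" ")  # spaces only: newlines and tabs stay invalid
        try:
            if "/" in item:
                _, _, prefix = item.partition("/")
                # ipaddress also accepts netmask notation (10.0.0.0/255.0.0.0);
                # CIDR format means a plain decimal prefix length.
                if not (prefix.isascii() and prefix.isdigit()):
                    raise ValueError("prefix length must be a number")
                entries.append(str(ipaddress.IPv4Network(item, strict=True)))
            else:
                entries.append(str(ipaddress.IPv4Address(item)))
        except ValueError as exc:
            raise AllowFieldError("invalid entry %r: %s" % (item, exc)) from None
    return entries


def is_valid_allow_field(value):
    """Boolean wrapper for use in a form validator."""
    try:
        parse_allow_field(value)
        return True
    except AllowFieldError:
        return False


if __name__ == "__main__":
    # Constructed samples: one valid list, then free-form values of the kind
    # the old validator let through (zone prefix, exclusion, range, nonsense).
    for sample in ["192.168.1.10, 10.0.0.0/8", "net:192.168.1.0/24",
                   "!10.0.0.1", "10.0.0.1-10.0.0.9", "a", "10.0.0.0/8,"]:
        print("%-28r %s" % (sample, is_valid_allow_field(sample)))
```

Because the function returns re-serialized addresses rather than the raw input, only the normalized entries need to be written to the rules file.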
Related issues
Associated revisions
Web UI: limit validator for Allow field. Refs #3045
History
#1 Updated by Giacomo Sanchietti over 6 years ago
- Category set to nethserver-firewall-base
- Status changed from NEW to TRIAGED
- Target version set to v6.6
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti over 6 years ago
- Assignee set to Giacomo Sanchietti
#3 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
#4 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
- nethserver-firewall-base-2.2.3-1.7.g98ddcc2.ns6.noarch.rpm
- Valid value is a comma-separated list of IP addresses or networks in CIDR format
- Try to insert invalid values inside the text field
- Check inline help is updated
#6 Updated by Filippo Carletti over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Pre-upgrade:
[root@ns65 ~]# rpm -q nethserver-firewall-base
nethserver-firewall-base-2.2.3-1.ns6.noarch
Adding a "complex" Allow from is accepted.
Adding a nonsense Allow from is also accepted but after Save the following error is shown on top of screen:
Task completato con errori Configuring shorewall #21 (code 1) ERROR: Unknown Interface (a) /etc/shorewall/rules (line 141)
Upgrade:
Updated: nethserver-firewall-base.noarch 0:2.2.3-1.7.g98ddcc2.ns6
Adding a "complex" Allow from is NOT accepted, Save is impossible.
Adding a nonsense Allow from is NOT accepted, the system suggests using a simple CIDR syntax.
The online help explains new valid values.
Problems
Trying to modify or delete a rule previously configured using a "complex" syntax fails: the rules table is displayed when I select modify or delete with a red error with the correct syntax.
However the rule could be disabled.
I'd release this as is, probably nobody has ever used complex syntax. If he/she encounters the problem, the db command will save the day.
Here's the db command for reference:
db portforward delete 1
where 1 is the Id of the offending rule.
#7 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-firewall-base-2.3.0-1.ns6.noarch.rpm
#8 Updated by Giacomo Sanchietti over 6 years ago
- Duplicates Bug #3020: Port forwarding : field "allow from" can break Shorewall added