Enhancement #3045

Port forward: limit validator for Allow field

Added by Giacomo Sanchietti over 6 years ago. Updated over 6 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-firewall-base
Target version: v6.6
Resolution:
NEEDINFO: No

Description

The current validator allows any value inside the Allow field. This choice gives a lot of freedom to the user, who can use any syntax allowed by Shorewall (see: http://www.shorewall.net/4.2/manpages/shorewall-rules.html).

But many users fail to enter valid syntax in the above field, causing a broken configuration.
To avoid problems, the new validator will allow only a comma-separated list of IPs or networks in CIDR format.
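
A sketch of the kind of check described above, as an added example (not the NethServer code, which is not shown on this page). The names parse_allow_field, is_valid and SAMPLES are hypothetical; it assumes IPv4 only, that an empty field means no restriction, and that CIDR entries must have their host bits clear.

```python
import ipaddress

class AllowFieldError(ValueError):
    """Raised when the Allow value is not a plain list of IPs / CIDR networks."""

def parse_allow_field(value):
    """Return the entries normalized, ready to be re-joined with commas."""
    if not value.strip():
        return []  # assumption: an empty field means "no source restriction"
    entries = []
    for raw in value.split(","):
        item = raw.strip()  # rules columns are whitespace-delimited: drop padding
        if not item:
            raise AllowFieldError("empty entry (stray comma)")
        addr, slash, prefix = item.partition("/")
        try:
            if slash:
                # ipaddress also accepts dotted netmasks (10.0.0.0/255.0.0.0);
                # CIDR format means a numeric prefix length only.
                if not (prefix.isascii() and prefix.isdigit()):
                    raise ValueError("prefix length must be a number")
                # assumption: host bits must be clear (10.0.0.1/8 is rejected)
                entries.append(str(ipaddress.IPv4Network(item, strict=True)))
            else:
                entries.append(str(ipaddress.IPv4Address(addr)))
        except ValueError as exc:
            raise AllowFieldError(f"{item!r}: {exc}") from None
    return entries

def is_valid(value):
    """Boolean wrapper, e.g. for a form validator."""
    try:
        parse_allow_field(value)
        return True
    except AllowFieldError:
        return False

# Constructed samples: the first two are valid; the rest are Shorewall-only
# syntax or nonsense that a permissive validator would pass to the rules file.
SAMPLES = [
    "192.168.1.10", "192.168.1.10, 10.0.0.0/8",
    "a", "eth0:192.168.1.0/24", "!192.168.1.5",
    "192.168.1.1-192.168.1.10", "10.0.0.0/255.0.0.0", "1.2.3.4,",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} {'ok' if is_valid(sample) else 'rejected'}")
```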


Related issues

Duplicates NethServer 6 - Bug #3020: Port forwarding : field "allow from" can break Shorewall CLOSED

Associated revisions

Revision a74b077d
Added by Giacomo Sanchietti over 6 years ago

Web UI: limit validator for Allow field. Refs #3045

History

#1 Updated by Giacomo Sanchietti over 6 years ago

  • Category set to nethserver-firewall-base
  • Status changed from NEW to TRIAGED
  • Target version set to v6.6
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti over 6 years ago

  • Assignee set to Giacomo Sanchietti

#3 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#4 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70

Package in nethserver-testing:
  • nethserver-firewall-base-2.2.3-1.7.g98ddcc2.ns6.noarch.rpm

Test case
  • Valid value is a comma-separated list of IP addresses or networks in CIDR format
  • Try to insert invalid values inside the text field
  • Check inline help is updated

#6 Updated by Filippo Carletti over 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Pre-upgrade:

[root@ns65 ~]# rpm -q nethserver-firewall-base
nethserver-firewall-base-2.2.3-1.ns6.noarch

Adding a "complex" Allow from is accepted.
Adding a nonsense Allow from is also accepted but after Save the following error is shown on top of screen:

Task completato con errori
Configuring shorewall #21 (code 1)
 ERROR: Unknown Interface (a) /etc/shorewall/rules (line 141)

Upgrade:

Updated:
  nethserver-firewall-base.noarch 0:2.2.3-1.7.g98ddcc2.ns6   

Adding a "complex" Allow from is NOT accepted, Save is impossible.
Adding a nonsense Allow from is NOT accepted, the system suggests using a simple CIDR syntax.
The online help explains new valid values.

Problems
Trying to modify or delete a rule previously configured using a "complex" syntax fails: the rules table is displayed when I select modify or delete with a red error with the correct syntax.
However the rule could be disabled.

I'd release this as is, probably nobody has ever used complex syntax. If he/she encounters the problem, the db command will save the day.
Here's the db command for reference:

db portforward delete 1

where 1 is the Id of the offending rule.

#7 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Released in nethserver-base:
  • nethserver-firewall-base-2.3.0-1.ns6.noarch.rpm

#8 Updated by Giacomo Sanchietti over 6 years ago

  • Duplicates Bug #3020: Port forwarding : field "allow from" can break Shorewall added
