Bug #3327
Deny port forwarding the same port
Status: | CLOSED | Start date: | |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | - | % Done: | 100% |
Category: | nethserver-firewall-base | | |
Target version: | v6.7 | | |
Security class: | | Resolution: | |
Affected version: | v6.7 | NEEDINFO: | No |
Description
The Port forwarding user interface allows creating more than one forward for the same port and wan ip. While technically allowed, only the first rule is applied.
I would like to add a check to deny creating a forward on a port already "busy".
Steps to reproduce:
1. create a port forward for any wan ip port 22 to a host A
2. create another identical port fwd to another host B
3. try to connect from outside to port 22, you will go to host A
Desired behavior: in step 2, show an error that says something like "port x is already busy".
The check has to evaluate both port and wan ip: the same port on different ip can be forwarded.
Associated revisions
Web UI: check for duplicate port forward. Refs #3327
History
#1 Updated by Filippo Carletti over 5 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti over 5 years ago
- Description updated (diff)
#3 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#4 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
- nethserver-firewall-base-2.10.0-1.1.g8ab293a.ns6.noarch.rpm
- nethserver-firewall-base-ui-2.10.0-1.1.g8ab293a.ns6.noarch.rpm
- Create a port forward with source port "22" and WAN IP set to "any"
- Try to create a new port forward with the same source port and WAN IP
- The web interface must raise a validation error
- Try to modify an existing port forward
- The web interface should not raise any error
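The uniqueness check requested in the description and exercised by the test case above, sketched as an added example (not NethServer code and not taken from the associated revision). The record layout, the `"any"` marker, the rule ids and the function names are assumptions, and it handles single numeric origin ports only.

```python
# Added example: not NethServer code. Record layout and names are assumptions.
from dataclasses import dataclass
from typing import Dict, Optional

ANY_WAN = "any"  # assumed marker for "forward on every WAN IP"


@dataclass(frozen=True)
class PortForward:
    wan_ip: str      # specific WAN/alias IP, or ANY_WAN
    src_port: str    # origin port as entered in the form, e.g. "22"
    dest_host: str   # internal host that receives the traffic


def _key(wan_ip: str, src_port: str):
    """Normalise the (WAN IP, origin port) pair used for the uniqueness check."""
    wan = wan_ip.strip().lower() or ANY_WAN
    return wan, int(src_port)  # int() makes "22" and "022" compare equal


def find_conflict(rules: Dict[str, PortForward], candidate: PortForward,
                  editing_id: Optional[str] = None) -> Optional[str]:
    """Return the id of a stored rule with the same WAN IP and origin port.

    editing_id is the rule being modified; it is skipped so that saving an
    existing forward does not collide with itself.
    """
    wanted = _key(candidate.wan_ip, candidate.src_port)
    for rule_id, rule in rules.items():
        if rule_id == editing_id:
            continue
        if _key(rule.wan_ip, rule.src_port) == wanted:
            return rule_id
    return None


def validate(rules, candidate, editing_id=None) -> Optional[str]:
    """Return an error message for the form, or None when the rule is acceptable."""
    if find_conflict(rules, candidate, editing_id) is not None:
        return "A port forward with same WAN IP and origin port already exists."
    return None


# Constructed sample data mirroring the QA steps in this ticket.
RULES = {"1": PortForward(ANY_WAN, "22", "hostA")}
```

The comparison is an exact match on the pair, so a forward bound to a specific alias IP does not collide with one on `"any"`, matching the behaviour reported in the verification comment.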
#6 Updated by Filippo Carletti over 5 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Creating the same forward on an already used port the interface displayed:
Origin port
A port forward with same WAN IP and origin port already exists.
Modifying a port forward (I changed port): no errors.
I also tried to forward a used port but bound to a specific alias ip: it's been accepted as expected.
#7 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-firewall-base-2.10.1-1.ns6.noarch.rpm
- nethserver-firewall-base-ui-2.10.1-1.ns6.noarch.rpm