firewall.awk generates wrong forwarding rules that effectively disables multiple forwarding

GoogleCodeExporter commented 9 years ago

The firewall.awk is broken and generates wrong forwarding filter rules when
the forwarding target is missing the port or with the multiport extension!

Example 
forward:proto=tcp dport=48711,48712,48713-48719:192.168.1.111

Chain prerouting_wan (1 references)
num     pkts    bytes   target  prot    opt     in  out     source  destination     volby
1   0   0   DNAT    tcp     --  *   *   0.0.0.0/0   0.0.0.0/0   multiport dports
48711,48712,48713:48719 to:192.168.1.111

Chain forwarding_wan (1 references)
num     pkts    bytes   target  prot    opt     in  out     source  destination     volby
1   0   0   ACCEPT  all     --  *   *   0.0.0.0/0   192.168.1.111

The filtering rule in the forwarding_wan chain effectively eats the full
forwarded traffic and disables subsequent rules and breaks the chain policy.

See: Problem with miniupnpd

Original issue reported on code.google.com by kemen04@gmail.com on 27 Jun 2008 at 1:19

GoogleCodeExporter commented 9 years ago

Original comment by kemen04@gmail.com on 17 Jul 2008 at 4:47

Added labels: Type-Defect
Removed labels: Type-Enhancement

GoogleCodeExporter commented 9 years ago

this issue is no longer valid with the newer uci firewall.

Original comment by kemen04@gmail.com on 10 Oct 2008 at 3:02

Changed state: Fixed

jeremycollake / x-wrt

firewall.awk generates wrong forwarding rules that effectively disables multiple forwarding #44