Maniphest T5989

IP subnets not usable in UPnP ACLs
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	cbuechler
	Jan 26 2024, 6:59 PM

Tags

Referenced Files

None

Subscribers

Description

The fix in T4611 is incomplete in that networks are still not permitted to be configured in UPnP ACLs. Only IPv4 addresses are permitted. This makes the changes done in T4611 unusable.

Adding ipv4-prefix validator to templates/service/upnp/rule/node.tag/ip/node.def fixes the issue. The config file is written out correctly after the changes in T4611, the validator just doesn't allow configuring it that way.

This is a significant limitation since you need to use 0.0.0.0/0 or some other network prefix to allow or deny >1 IP.

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Related Objects

Mentioned Here: T4611: UPnP rule IP should be a prefix instead of an address

Event Timeline

cbuechler triaged this task as Normal priority.Jan 26 2024, 6:59 PM

cbuechler created this task.

cbuechler created this object in space S1 VyOS Public.

PR to fix here: https://github.com/vyos/vyos-1x/pull/2897

cbuechler changed the task status from Open to In progress.Jan 26 2024, 7:08 PM

Viacheslav assigned this task to cbuechler.Jan 27 2024, 12:08 PM

Viacheslav added a project: VyOS 1.5 Circinus.

Viacheslav changed the subtype of this task from "Task" to "Bug".

pasik added a subscriber: pasik.Jan 27 2024, 6:26 PM

Marked this as resolved since the fix was merged and backported.