Protocol negation in NAT is not handled correctly
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	dmbaturin
	Oct 24 2017, 6:54 PM

Description

Negating the protocol in NAT rules has the opposite effect and creates a rule that matches that protocol instead.

# show nat destination rule 10
 destination {
 }
 inbound-interface eth0
 protocol !tcp
 source {
     address 192.0.2.1
 }
 translation {
     address 10.91.19.10
 }

The rule it creates is:

0     0 DNAT       tcp  --  eth0   *       192.0.2.1            0.0.0.0/0            /* DST-NAT-10 */ to:10.91.19.10

A correctly generated rule was supposed to look like:

0     0 DNAT      !tcp  --  eth0      *       192.0.2.1            0.0.0.0/0            to:10.91.19.10

Details

Difficulty level: Normal (likely a few hours)
Version: 1.1.7
Why the issue appeared?: Will be filled on close

Event Timeline

dmbaturin created this task.Oct 24 2017, 6:54 PM

pasik added a subscriber: pasik.Oct 27 2017, 10:00 PM

syncer moved this task from Needs Triage to Backlog on the VyOS 1.1.x (1.1.8) board.Oct 30 2017, 1:48 PM

syncer closed this task as Resolved.Oct 30 2017, 1:54 PM

syncer claimed this task.

syncer moved this task from Need Triage to Finished on the VyOS 1.2 Crux board.

syncer moved this task from Backlog to Finished on the VyOS 1.1.x (1.1.8) board.

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS-1.2.0-GA; removed VyOS 1.2 Crux, VyOS 1.1.x (1.1.8).Oct 15 2018, 11:53 PM

syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.Oct 15 2018, 11:58 PM

Protocol negation in NAT is not handled correctlyClosed, ResolvedPublicBUGActions

Description

Details

Event Timeline

Protocol negation in NAT is not handled correctly
Closed, ResolvedPublicBUG
Actions