Bug 284998

Summary: Yast firewall custom rules stores source as dest port
Product: [openSUSE] openSUSE 10.3
Reporter: Volker Kuhlmann <bugz57>
Component: YaST2
Assignee: Lukas Ocilka <locilka>
Status: RESOLVED FIXED
QA Contact: Jiri Srain <jsrain>
Severity: Normal
Priority: P5 - None
Version: Alpha 5
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: Beta-Customer
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: yast logs of entering a custom rule with optional source port argument

Description Volker Kuhlmann 2007-06-17 09:56:32 UTC
Yast->Security and Users->Firewall->Custom rules->Add

The destination and source ports are both optional. When entering a source port but no destination port, the source port which is entered is stored as destination port.
Comment 1 Cyril Hrubis 2007-06-20 15:45:01 UTC
Please attach y2logs. If you are in doubt follow:

http://en.opensuse.org/Bugs/YaST

Thanks!
Comment 2 Volker Kuhlmann 2007-06-24 01:12:12 UTC
No problem. I've cleared out /var/log/YaST2 to get rid of the installation junk, and added a custom rule to allow 10.1.1.0/24 tcp *source* port 999 in on the external zone. Immediately after entering those numbers in the popup, the advanced rule window shows the rule with *dest* port 999.

Seems like a trivial thing to me: there are 2 optional arguments, dest port and source port. If only the second one is given, it is treated as if it was the first.

Btw making the first optional argument mandatory when entering the second optional one doesn't work here, they have to be independently optional.
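
The failure mode reported above, as an added example that is not part of the original report and not YaST's own code (the module is YCP; this is a Python illustration): a builder that skips empty optional fields shifts the source port into the destination slot, while one that keeps an empty placeholder round-trips. The field order network,protocol,dport,sport is taken from the patch on this page; `parse_rule` and the function names are hypothetical.

```python
# Added illustration in Python; the YaST module itself is written in YCP.
# Field order network,protocol,dport,sport is taken from the patch on this page.
# parse_rule() is a hypothetical reader, assumed to split on "," positionally.

def build_rule_positional_skip(network, protocol, dport="", sport=""):
    """Skips empty fields, so a lone sport slides into the dport position."""
    rule = f"{network},{protocol}"
    if dport:
        rule += "," + dport
    if sport:
        rule += "," + sport
    return rule


def build_rule_placeholder(network, protocol, dport="", sport=""):
    """Keeps the dport slot (possibly empty) whenever sport is set."""
    rule = f"{network},{protocol}"
    if dport or sport:
        rule += "," + dport
        if sport:
            rule += "," + sport
    return rule


def parse_rule(rule):
    """Hypothetical positional reader: missing trailing fields become empty."""
    fields = rule.split(",")
    fields += [""] * (4 - len(fields))
    network, protocol, dport, sport = fields[:4]
    return {"network": network, "protocol": protocol, "dport": dport, "sport": sport}


def round_trip_failures(builder):
    """Return the (dport, sport) inputs that do not survive build -> parse."""
    failures = []
    for dport in ("", "80"):          # constructed sample values
        for sport in ("", "999"):
            parsed = parse_rule(builder("10.1.1.0/24", "tcp", dport, sport))
            if (parsed["dport"], parsed["sport"]) != (dport, sport):
                failures.append((dport, sport))
    return failures


if __name__ == "__main__":
    print("skip-empty fails for:", round_trip_failures(build_rule_positional_skip))
    print("placeholder fails for:", round_trip_failures(build_rule_placeholder))
```

Checking all four combinations of the two optional fields is what catches this class of bug; the single failing case is the one from the report.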
Comment 3 Volker Kuhlmann 2007-06-24 01:14:19 UTC
Created attachment 148073
yast logs of entering a custom rule with optional source port argument
Comment 4 Lukas Ocilka 2007-07-02 13:18:16 UTC
A patch:

Index: SuSEFirewallExpertRules.ycp
===================================================================
--- SuSEFirewallExpertRules.ycp (revision 39103)
+++ SuSEFirewallExpertRules.ycp (working copy)
@@ -244,8 +244,17 @@
 
        // Creating new record
        string new_rule = params["network"]:"" + "," + params["protocol"]:"";
-       if (params["dport"]:"" != "") new_rule = new_rule + "," + params["dport"]:"";
-       if (params["sport"]:"" != "") new_rule = new_rule + "," + params["sport"]:"";
+
+       // either 'dport' or 'sport'
+       if (params["dport"]:"" != "" || params["sport"]:"" != "") {
+           // 'dport' can be empty even if 'sport' is set
+           new_rule = new_rule + "," + params["dport"]:"";
+
+           if (params["sport"]:"" != "") {
+               new_rule = new_rule + "," + params["sport"]:"";
+           }
+       }
+
        if (new_rule == "0/0,all") {
            y2warning("Adding rule '%1' that allows everything from all networks!", new_rule);
        }
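
Review bot: when only 'sport' is set, the new block writes an empty third field (two consecutive commas, as in network,protocol,,sport), and the code that reads these records back is not part of this hunk. Please confirm that the reader splits on "," without dropping empty fields, otherwise the source port would land in the destination slot again on reload, and add a comment above new_rule documenting the positional format network,protocol[,dport[,sport]]. The params["dport"]:"" and params["sport"]:"" lookups are also each evaluated twice; pulling them into local variables would make the conditions easier to read.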

Fixed in yast2-2.15.38