You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have searched the existing issues, open and closed, and I'm convinced that mine is new.
The title contains the plugin to which this issue belongs
Describe the bug
In a normal bind configuration, anywhere where you can enter IP ranges (like in an ACL), you can use an exclamation mark to invert a match.
For example, you could do 10.0.0.0/8; !10.0.1.0/24 to refer to everything inside 10.0.0.0/8 except for clients that are in 10.0.1.0/24.
When I try to enter any network preceded by an exclamation mark in the ACL config, it refuses to let me save the ACL, stating "Please specify a valid network segment or IP address."
This bug also applies to other places where an ACL can be entered, like for the "ACL for filter-aaaa" entry
To Reproduce
Steps to reproduce the behavior:
Go to Services -> BIND -> Configuration -> ACLs, click the "+" icon.
Enter 10.0.0.0/8, !10.0.1.0/24 for the network list
Click Save and see the error message.
Expected behavior
It should add the ACL.
Screenshots
Additional context
The plugin also doesn't allow the short syntax for IPv4 subnets (like "10/8" to refer to 10.0.0.0/8") which is supported by bind. Not a big issue, though, since you can just write the full network. But I haven't found a workaround to exclude single IPs or network ranges from an ACL like you could with an exclamation mark in the bind config.
(Sidenote, I'm also wondering why "ACL for filter-aaaa" requires a list of addresses while "Recursion", "Allow Transfer" and "Allow Query" are nice drop-downs to select one or many ACLs? Why isn't the filter-aaaa one a dropdown to select an ACL as well?)
Environment
OPNsense 24.7.11_2
os-bind 1.33_1
The text was updated successfully, but these errors were encountered:
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
In a normal bind configuration, anywhere where you can enter IP ranges (like in an ACL), you can use an exclamation mark to invert a match.
For example, you could do
10.0.0.0/8; !10.0.1.0/24to refer to everything inside 10.0.0.0/8 except for clients that are in 10.0.1.0/24.When I try to enter any network preceded by an exclamation mark in the ACL config, it refuses to let me save the ACL, stating "Please specify a valid network segment or IP address."
This bug also applies to other places where an ACL can be entered, like for the "ACL for filter-aaaa" entry
To Reproduce
Steps to reproduce the behavior:
10.0.0.0/8, !10.0.1.0/24for the network listExpected behavior
It should add the ACL.
Screenshots
Additional context
The plugin also doesn't allow the short syntax for IPv4 subnets (like "10/8" to refer to 10.0.0.0/8") which is supported by bind. Not a big issue, though, since you can just write the full network. But I haven't found a workaround to exclude single IPs or network ranges from an ACL like you could with an exclamation mark in the bind config.
(Sidenote, I'm also wondering why "ACL for filter-aaaa" requires a list of addresses while "Recursion", "Allow Transfer" and "Allow Query" are nice drop-downs to select one or many ACLs? Why isn't the filter-aaaa one a dropdown to select an ACL as well?)
Environment
OPNsense 24.7.11_2
os-bind 1.33_1
The text was updated successfully, but these errors were encountered: