Bug 12277

Summary: Using predefined service (groups) as firewall rule source port is impossible
Product: IPFire
Reporter: Peter Müller <peter.mueller>
Component: ---
Assignee: Stefan Schantl <stefan.schantl>
Status: NEW ---
QA Contact: Peter Müller <peter.mueller>
Severity: Major Usability
Priority: Will affect an average number of users
CC: michael.tremer, stefan.schantl
Version: 2
Hardware: all
OS: All
Bug Depends on:
Bug Blocks: 12278

Description Peter Müller 2020-01-22 21:19:18 UTC
As described in https://lists.ipfire.org/pipermail/development/2020-January/006883.html, it is not possible to create a firewall rule in the WUI with both source and destination port limited to a predefined service or service group.

Since limiting source ports to values > 1023 is a common (and primitive) technique to detect/block traffic from compromised services running on privileged ports, this is a major usability issue.

Surprisingly, nobody seemed to notice it until today.