Bug 13860

Summary:	Error message when creating a firewall rule with a subnet for src
Product:	IPFire	Reporter:	Adolf Belka <adolf.belka>
Component:	---	Assignee:	Assigned to nobody - feel free to grab it and work on it <nobody>
Status:	CLOSED FIXED	QA Contact:
Severity:	Major Usability
Priority:	- Unknown -	CC:	michael.tremer
Version:	2
Hardware:	unspecified
OS:	Unspecified
Attachments:	screenshot of failing firewall rule

Description Adolf Belka 2025-06-25 10:35:35 UTC

Created attachment 1641 [details]
screenshot of failing firewall rule

This was identified by someone on the forum.

I have confirmed that this happens.

Attached is screenshot with blue subnet as source and a specific IP on green.

The same failure happens whether nat is selected or not.

If a specific IP on blue is used as the src then the rule works fine.

The same thing happens if the src is the Orange subnet.

The error message looks to be coming from the code checking if the src and dst subnets are the same although it is not showing the wording that should come from the language file, only the IP's and subnet masks.

The forum user indicated that this issue occurred after upgrade to CU195.

I have not yet tested this out on a CU194 system to confirm all okay but will do so.

The forum user has also indicated that some of his existing rules look to no longer be working. These are rules from blue to green.

Comment 1 Adolf Belka 2025-06-25 11:09:57 UTC

I just did the same firewall rule test with CU194 on my vm testbed and the firewall rules are accepted with no problems.

So this confirms that something from the 194 to 195 update is giving this issue.

Comment 2 Michael Tremer 2025-06-25 14:25:57 UTC

> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=0ee4f61deaf50b5c091d94afbedd5615c002cfae

I just pushed this fix for the problem.

I suppose we will have to rebuild c195 because too many people are running into this issue.

Comment 3 Adolf Belka 2025-06-25 14:42:32 UTC

Confirmed fix for problem.

Comment 4 Adolf Belka 2025-06-27 13:43:11 UTC

The previous fix confirmation was by making the same changes manually on a system.

I have now done a Core Update to CU195 on a system and it took the merged fix into CU195 and I can confirm that the firewall rules creation is now working correctly.

Comment 5 Adolf Belka 2025-07-01 09:38:12 UTC

https://www.ipfire.org/blog/ipfire-2-29-core-update-196-is-available-for-testing

Comment 6 Adolf Belka 2025-07-01 10:29:32 UTC

Tested out creating a new firewall rule from blue subnet to a specific green IP and the firewall rule is correctly created and can be updated.

This type of firewall rule was the one that failed before.

This verifies that the fix is working in CU196 Testing.

Comment 7 Adolf Belka 2025-08-10 13:20:14 UTC

https://www.ipfire.org/blog/ipfire-2-29-core-update-196-released