Bug 1404076 - Querying for a port range within another port range in firewalld gives 'no' output.
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: firewalld
Version: 8.1
Hardware: Unspecified
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Eric Garver
QA Contact: Jiri Peska
URL:
Whiteboard:
Duplicates: 1563281
Depends On: 1637204
Blocks: 1807630 1825061
 
Reported: 2016-12-13 01:58 UTC by Akhil John
Modified: 2020-05-14 13:46 UTC

Fixed In Version: firewalld-0.8.2-1.el8
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:


Description Akhil John 2016-12-13 01:58:20 UTC
Description of problem:
If a port is opened and --query-port is run, it shows Yes. But if I open a port range and query a port within that range, it shows No.

Version-Release number of selected component (if applicable):
- All RHEL 7 versions
- firewalld package

How reproducible:
Add a port range in firewalld using the --add-port option and query a port within that range using --query-port. The output shows No.

Steps to Reproduce:
1. # firewall-cmd --add-port=8080/tcp; firewall-cmd --add-port=825-830/tcp
2. # firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: dhcpv6-client ssh
  ports: 8080/tcp 825-830/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 

3.

Actual results:
# firewall-cmd --query-port=830/tcp
no

# firewall-cmd --query-port=829/tcp
no

# firewall-cmd --query-port=8080/tcp
yes


Expected results:
# firewall-cmd --query-port=830/tcp
yes

# firewall-cmd --query-port=829/tcp
yes

# firewall-cmd --query-port=8080/tcp
yes

Additional info:

Comment 3 Eric Garver 2018-04-03 14:14:07 UTC
*** Bug 1563281 has been marked as a duplicate of this bug. ***

Comment 4 Eric Garver 2018-08-21 17:49:13 UTC
Fixes upstream:

  2925de324443 ("ports: allow querying a single added by range")
  3fb707228ced ("tests/regression: add coverage for rhbz 1404076")

Comment 7 Tomas Dolezal 2019-11-06 15:23:14 UTC
Moving to rhel8 as a bug report. Ports within a range are correctly reported as present, but that does not apply to subranges.
firewalld-0.7.0-5.el8.noarch

The last line should also be 'yes':
for port in 3199 3200 3250 3299 3300 3200-3300 3250-3260 ; do echo -ne "port $port/tcp:\t"; firewall-cmd --query-port $port/tcp; done
port 3199/tcp:	no
port 3200/tcp:	yes
port 3250/tcp:	yes
port 3299/tcp:	yes
port 3300/tcp:	yes
port 3200-3300/tcp:	yes
port 3250-3260/tcp:	no

Comment 8 Tomas Dolezal 2019-11-06 15:27:43 UTC
(In reply to Tomas Dolezal from comment #7)
> port 3200-3300/tcp:	yes
This port range was defined before the output in the previous comment:
# firewall-cmd --list-ports
3200-3300/tcp

Comment 10 Eric Garver 2020-03-19 21:06:09 UTC
Upstream:

fae2b48a5880 ("test: regression/rhbz1404076: enhance to include sub ranges")
f12e1587433c ("fix: source_port: support querying sub ranges")
6c0b07ad482d ("fix: port: support querying sub ranges")
cd8e0c3774a6 ("improvement: port: simplify queryPort")
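
The behaviour discussed in this report, as an added example that is not part of the bug report and not firewalld's code: a literal-match query (which yields the 'no' answers under "Actual results" and for the sub-range in comment 7) beside an interval-containment query (which yields the expected answers). All function names are hypothetical, and counting a query as open when several adjacent entries jointly cover it is this example's own generalization, not something the report states.

```python
# Added illustration, not firewalld's code; all function names are hypothetical.
PROTOCOLS = ("tcp", "udp", "sctp", "dccp")

def parse_port(spec):
    """Turn 'N/proto' or 'LO-HI/proto' into (lo, hi, proto)."""
    ports, sep, proto = spec.partition("/")
    if not sep or proto not in PROTOCOLS:
        raise ValueError(f"bad protocol in {spec!r}")
    lo, dash, hi = ports.partition("-")
    lo, hi = int(lo), int(hi) if dash else int(lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in {spec!r}")
    return lo, hi, proto

def query_exact(configured, query):
    """Literal comparison: only an entry spelled exactly like the query matches."""
    return query in configured

def query_contained(configured, query):
    """True only if every queried port is covered by entries of the same protocol."""
    lo, hi, proto = parse_port(query)
    spans = sorted((l, h) for l, h, p in map(parse_port, configured) if p == proto)
    need = lo  # lowest queried port not yet shown to be open
    for l, h in spans:
        if l > need:
            break  # gap: no entry covers port `need`
        if h >= need:
            need = h + 1
            if need > hi:
                return True
    return False

def false_negatives(configured, queries):
    """Queries a literal-match audit would report closed although the ports are open."""
    return [q for q in queries
            if query_contained(configured, q) and not query_exact(configured, q)]

# Constructed sample: the port lists and queries that appear in this report.
CONFIGURED = ["8080/tcp", "825-830/tcp", "3200-3300/tcp"]
QUERIES = ["830/tcp", "829/tcp", "8080/tcp", "3199/tcp", "3200-3300/tcp", "3250-3260/tcp"]

if __name__ == "__main__":
    for q in QUERIES:
        print(f"{q:15} exact={query_exact(CONFIGURED, q)!s:5} "
              f"contained={query_contained(CONFIGURED, q)}")
    print("false negatives:", false_negatives(CONFIGURED, QUERIES))
```

A script that audits open ports by parsing `--query-port` output on a firewalld build older than the "Fixed In Version" above inherits the false negatives listed by `false_negatives`; comparing against the parsed `--list-ports` output avoids that.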

