Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PATCH method on "/api/v2/firewall/nat/port_forward" , always getting error in "associated_rule_id" field. #518

Closed
poshl9k opened this issue Jul 22, 2024 · 2 comments

Comments

@poshl9k
Copy link

poshl9k commented Jul 22, 2024

Describe the bug
PATCH method on "/api/v2/firewall/nat/port_forward" , always getting error in "associated_rule_id" field.

curl -X 'PATCH' \
  'http://x.x.x.x/api/v2/firewall/nat/port_forward' \
  -H 'accept: application/json' \
  -H 'Authorization: Basic xxxxx' \
  -H 'Content-Type: application/json' \
  -d '{
  "id": 0,
  "disabled": true,
  "associated_rule_id": "nat_669e4fc9db81b5.86263762",
}'

associated_rule_id gotten from /api/v2/firewall/nat/port_forwards

{
  "code": 400,
  "status": "bad request",
  "response_id": "FIELD_INVALID_CHOICE",
  "message": "Field `associated_rule_id` must be one of [, pass]",
  "data": []
}.

To Reproduce
Steps to reproduce the behavior:

  1. Go to pfsense api/documentation
  2. Click on /api/v2/firewall/nat/port_forwards and execute
  3. Get 'id' and 'associated_rule_id' of needed rule
  4. Click on /api/v2/firewall/nat/port_forwards and execute
  5. fill test json fields:
    id,
    associated_rule_id (because we cant go without it, but no reference about it in doc),
    disabled
  6. See error

by the way everything is the same with python requests.

Expected behavior
not changing unnecessary fields.
if it really needed: using associated_rule_id from pfsense NAT rule or firewall rule id

Screenshots or Response

pfSense Version & Package Version:

  • pfSense Version: 2.7.2-RELEASE
  • Package Version v2.0.2

Affected Endpoints:

  • URL: /api/v2/firewall/nat/port_forwards
  • URL: /api/v2/firewall/nat/port_forward

Thanks in advance! Totaly cool pkg, by the way, really appreciate your work!

@jaredhendrickson13
Copy link
Owner

This would be expected behavior as of right now. This endpoint currently only supports pass or an empty string (for unassociated filter rules) as the associated_rule_id:

Screenshot 2024-07-22 at 1 16 07 PM

If you added the port forward from the webConfigurator and set the 'Filter rule association' to 'Create a new associated filter rule', the endpoint will not accept the update until the associated_rule_id is changed to an option allowed by the REST API. You receive the error even with a partial update because the entire object still must be revalidated after any value changes to ensure there are no conflicts between existing values and changed values.

There is an open feature request (#275) to allow associated filter rules which should be picked up for v2.1.0. You can follow that issue for any updates.

Thanks!

@jaredhendrickson13 jaredhendrickson13 closed this as not planned Won't fix, can't repro, duplicate, stale Jul 22, 2024
@poshl9k
Copy link
Author

poshl9k commented Jul 24, 2024

@jaredhendrickson13
Thanks for explanation. I'll follow that request #275

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants