After updating to Core 195 I cannot create a new firewall rule when src and dst are subnets; it shows the error message in the image below (Blue network → Green network). Even some existing rules are not working; I see DROP_FORWARD in the logs. Not sure if this started with Core 195.
While investigating, I found in firewall.cgi (Core 195) starting from line 879 to 883, the script sets the errormessage by concatenating the source IP and CIDR with the target IP and CIDR, just before the actual check happens.
Is this the intended behavior or am I missing something?
I compared this with Core 189, and this part was not present there.
The section that you highlight was changed in CU195.
Unfortunately it looks like no Testing user tested out the Firewall Rules WUI page as this was not flagged up at all.
EDIT:
Looking closer at the section, the only thing changed is the error message. The problem is that the same subnet for src and dst is being triggered when they are not the same.
Changes were made elsewhere in firewall.cgi related to the introduction of WireGuard. Maybe some of those changes impacted the “same subnet” check.
That will need to be looked at further.
If errors creep in that require a bug fix, we should also increase the version number → CU195.1 or CU195-1 or anything else, but not increasing the version number is a really bad idea in my opinion ^^
All users who encounter this error will open a thread about it. Maintaining the current release number only causes confusion.
If you’re affected by the firewall rule creation error in Core Update 195 — particularly when trying to define both source and destination as subnets — a quick workaround is to manually apply the fix from the official Git repository.
Once that’s done, head back to the WUI and test adding your rule again. This should bypass the erroneous subnet conflict check that was causing the problem.