NAT: Predefined ports overwrite alias with same name #10265

@StrikerTwo

Describe the bug

I have a NAT rule forwarding FTP active + passive ports. I used an alias called "FTP" for the default ports (20:21) and my chosen passive port range (20000:20099).
This silently got rewritten to use only the predefined "ftp" port (21).
Editing the rule, selecting the port alias and saving again still uses only port 21.

If I rename the alias to something else (like "FTPs") it works again. It looks like the save API call transmits only the name (local-port: "FTP"), and the backend looks in the predefined ports first.
If that is the logic, creating aliases with names identical to predefined ports should be prohibited.

To Reproduce

Steps to reproduce the behavior:

  1. Create a port alias named "ftp" containing more than just port 21.
  2. Create a NAT forwarding rule, select that alias as the destination port, and click save.
  3. Look at the rule; it has selected "FTP(21)" as the destination.

Expected behavior

Use the alias instead of the predefined port if that was what I selected

Describe alternatives you considered

See above, do not name aliases identical to existing predefined ports.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 26.1.7_3-amd64
Hyper-V VM
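
The lookup order suspected in the report, modelled as an added example (not OPNsense code and not part of the original report), with an audit that lists which ports an alias silently loses when a predefined name wins. The `PREDEFINED_PORTS` table is a constructed subset, case-insensitive name matching is an assumption, and all function names are hypothetical.

```python
# Constructed subset of well-known service names; the real predefined list
# on a given firewall may differ (assumption).
PREDEFINED_PORTS = {"ftp": 21, "ssh": 22, "smtp": 25, "http": 80, "https": 443}

def expand(spec):
    """Expand one alias entry: "21" or an inclusive range "20000:20099"."""
    lo, _, hi = spec.partition(":")
    lo, hi = int(lo), int(hi or lo)
    if not (0 < lo <= hi <= 65535):
        raise ValueError(f"bad port spec: {spec!r}")
    return set(range(lo, hi + 1))

def alias_ports(entries):
    """Union of all ports covered by an alias's entries."""
    ports = set()
    for entry in entries:
        ports |= expand(entry)
    return ports

def resolve(name, aliases, predefined_first):
    """Model both lookup orders; names compare case-insensitively (assumption)."""
    key = name.lower()
    by_name = {k.lower(): v for k, v in aliases.items()}
    if predefined_first and key in PREDEFINED_PORTS:
        return {PREDEFINED_PORTS[key]}      # alias is never consulted
    if key in by_name:
        return alias_ports(by_name[key])
    if key in PREDEFINED_PORTS:
        return {PREDEFINED_PORTS[key]}
    raise KeyError(name)

def shadowed_aliases(aliases):
    """Return {alias name: sorted ports lost if the predefined name wins}."""
    report = {}
    for name, entries in aliases.items():
        key = name.lower()
        if key in PREDEFINED_PORTS:
            lost = alias_ports(entries) - {PREDEFINED_PORTS[key]}
            report[name] = sorted(lost)
    return report

# Constructed sample mirroring the report: alias "FTP" and the renamed "FTPs".
SAMPLE = {"FTP": ["20:21", "20000:20099"], "FTPs": ["20:21", "20000:20099"]}

if __name__ == "__main__":
    for name, lost in shadowed_aliases(SAMPLE).items():
        print(f"{name}: {len(lost)} port(s) dropped by the rule, e.g. {lost[:3]}")
```

Running the audit over an exported alias list before and after an upgrade shows which forwarding rules no longer cover the ports the alias was written for.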

Labels: support (Community support or awaiting triage)
