Todo #15436

closed

Update notes for if-bound state policy

Added by Marcos M 10 days ago. Updated 9 days ago.

Status: Closed
Priority: Normal
Assignee:
Category: Firewall Rules
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:

Description

https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#interface-bound-states

For systems with multiple WANs, traffic attempting to exit WAN interfaces other than the one with the default gateway may not be able to pass outbound. This is because states initially get created by the OS as the packet attempts to leave following the default route, and then get redirected by route-to out a different path. Since the interfaces on the state do not match, the firewall does not allow the packet. Work is ongoing to address this issue in PF.

AFAIK the referenced pending work is done with:
https://cgit.freebsd.org/src/commit/?id=6460322a0a512f4e2c263bee54fc8bf46091f4cd

That is in 24.03 (tested working on a multi-WAN setup).
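
A simplified model of the interface mismatch described in the quoted note, added here as an illustration; it is not code from this issue, from pfSense, or from pf. The interface names, addresses and the `bind_to_route_to_iface` switch are assumptions made for the example, and the switch is not a description of the referenced commit.

```python
# Toy model (constructed) of state lookup under the two state policies.
# It only tracks which interface a state is bound to; real pf does much more.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reversed(self):
        return Flow(self.proto, self.dst, self.dport, self.src, self.sport)


class StateTable:
    def __init__(self, policy):
        if policy not in ("if-bound", "floating"):
            raise ValueError(policy)
        self.policy = policy
        self.states = {}  # Flow -> interface the state was created on

    def create(self, flow, iface):
        self.states[flow] = iface

    def lookup(self, flow, iface):
        """True if a packet of `flow` seen on `iface` matches an existing state."""
        for key in (flow, flow.reversed()):
            bound = self.states.get(key)
            if bound is None:
                continue
            # Floating states match on any interface; if-bound states only on their own.
            if self.policy == "floating" or bound == iface:
                return True
        return False


def multiwan_outcome(policy, bind_to_route_to_iface=False):
    """State is created toward the default route (wan1), then route-to sends it out wan2."""
    table = StateTable(policy)
    flow = Flow("tcp", "198.51.100.10", 40000, "203.0.113.80", 443)  # constructed sample
    default_if, route_to_if = "wan1", "wan2"
    table.create(flow, route_to_if if bind_to_route_to_iface else default_if)
    out_ok = table.lookup(flow, route_to_if)                # packet leaving via wan2
    reply_ok = table.lookup(flow.reversed(), route_to_if)   # reply arriving on wan2
    return out_ok and reply_ok
```

In this model the flow only passes under `if-bound` when the state is bound to the interface the packet actually uses, which is the mismatch the note describes.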

Actions #1

Updated by Jim Pingle 9 days ago

  • Status changed from New to Closed
  • Assignee set to Jim Pingle
  • % Done changed from 0 to 100

I was thinking that, but I wasn't certain if there was still some other issue hanging out there. I removed the note; if we see any reports of issues we can always add back something more specific if need be.
