Interface group doesn't apply to all interfaces in all cases
Affected version: 2.0
Affected Architecture:
I have an interface group "WANs" containing two WANs, em1 and em2. This is correct.
# ifconfig -g WANs
em1
em2
One rule on that interface group.
pass in quick on $WANs from 204.x.x.x to any keep state label "USER_RULE: testing"
Works fine on em2, but em1 still blocks all traffic from the specified source. Something is not working there.
Jul 20 00:44:29 fw1 pf: 00:00:00.972925 rule 1/0(match): block in on em1: (tos 0x0, ttl 52, id 46106, offset 0, flags [none], proto ICMP (1), length 84)
Jul 20 00:44:29 fw1 pf: 204.x.x.x.x > 96.x.x.x.x: ICMP echo request, id 36356, seq 21, length 64
#1 Updated by Chris Buechler over 1 year ago
- Priority changed from Normal to High
- Target version changed from 2.0 to 2.0.1
#2 Updated by Chase Bolt over 1 year ago
This appears fixed. Pings flow through both interfaces in a group, matching on the correct rule.
Tested on 2.0-RELEASE Build Tue Sep 13 17:33:40 EDT 2011.
#3 Updated by Chris Buechler over 1 year ago
- Status changed from New to Feedback
- Target version deleted (
#4 Updated by Chase Bolt over 1 year ago
Ok, so our initial tests showed this issue was resolved. But when applying live traffic on the box, about 70% of the traffic hit this bug. We aren't clear yet on the circumstances that made that 70% of the traffic use the non-group rule set.
Hopefully more info on this to follow.
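An added example, not part of the original ticket or the project's code: a small Python tally of pf log entries in the two-line format quoted in the report, counting block and pass decisions per interface-group member for one source so the affected share of traffic can be measured. The sample log lines, addresses, rule numbers and function names are constructed, and pass entries only appear if logging is enabled on the pass rule.

```python
import re
from collections import Counter, defaultdict

# Header line: rule number, action, direction and interface of the decision.
HEAD = re.compile(r"pf: \S+ rule (?P<rule>\d+)/\d+\(match\): "
                  r"(?P<action>block|pass) (?P<dir>in|out) on (?P<ifname>\w+):")
# Follow-up line with the addresses: "pf: SRC > DST: ..."
ADDR = re.compile(r"pf: (?P<src>\S+) > (?P<dst>[^\s:]+):")

def tally(lines, group_members, source):
    """Count inbound block/pass decisions per group member for one source."""
    counts = defaultdict(Counter)
    pending = None
    for line in lines:
        head = HEAD.search(line)
        if head:
            pending = head            # remember the decision, wait for addresses
            continue
        addr = ADDR.search(line)
        if addr and pending:
            src = addr["src"]
            # TCP/UDP entries append ".port" to the address; ICMP entries do not.
            from_source = src == source or src.startswith(source + ".")
            if (from_source and pending["dir"] == "in"
                    and pending["ifname"] in group_members):
                counts[pending["ifname"]][pending["action"]] += 1
            pending = None
    return counts

def blocked_members(counts):
    """Group members that blocked the source despite the group-wide pass rule."""
    return sorted(name for name, c in counts.items() if c["block"] > 0)

# Constructed sample input (documentation addresses, hypothetical rule numbers).
SAMPLE = """\
Jul 20 00:44:29 fw1 pf: 00:00:00.972925 rule 1/0(match): block in on em1: (tos 0x0, ttl 52, proto ICMP (1), length 84)
Jul 20 00:44:29 fw1 pf: 203.0.113.7 > 198.51.100.10: ICMP echo request, id 36356, seq 21, length 64
Jul 20 00:44:30 fw1 pf: 00:00:00.100000 rule 60/0(match): pass in on em2: (tos 0x0, ttl 52, proto ICMP (1), length 84)
Jul 20 00:44:30 fw1 pf: 203.0.113.7 > 198.51.100.20: ICMP echo request, id 36357, seq 1, length 64
Jul 20 00:44:31 fw1 pf: 00:00:00.200000 rule 1/0(match): block in on em1: (tos 0x0, ttl 52, proto TCP (6), length 60)
Jul 20 00:44:31 fw1 pf: 203.0.113.7.51234 > 198.51.100.10.443: Flags [S], length 0
Jul 20 00:44:32 fw1 pf: 00:00:00.300000 rule 1/0(match): block in on em2: (tos 0x0, ttl 52, proto ICMP (1), length 84)
Jul 20 00:44:32 fw1 pf: 192.0.2.99 > 198.51.100.20: ICMP echo request, id 1, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    result = tally(SAMPLE, {"em1", "em2"}, "203.0.113.7")
    for name in sorted(result):
        print(name, dict(result[name]))
    print("members blocking the source:", blocked_members(result))
```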