Bug #2293

Associated NAT rules for TCP missing flags

Added by Jim Pingle over 4 years ago. Updated over 3 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Rules/NAT
Target version:
Start date: 03/14/2012
Due date:
% Done: 0%
Affected version:
Affected Architecture:

Description

TCP rules are supposed to get "flags S/SA" by default but for some reason associated filter rules for TCP port forwards do not.

Easy to reproduce: make a port forward for a TCP port with an associated rule and check /tmp/rules.debug - no flags.

Make a normal firewall rule for a TCP port, and it gets flags.

History

#1 Updated by Jim Pingle over 4 years ago

  • Status changed from New to Feedback

Mostly mitigated by c3f01709d6d932f9f49f771ecd5f2652af05d5fe and the fact that pf apparently assumes flags S/SA when they're not specified.

Not sure why it was failing the test fixed in that commit. Someone may want to test setting other advanced options on those rules and see if any of them actually work (the ones that make sense to work, anyhow).

#2 Updated by Chris Buechler over 3 years ago

  • Status changed from Feedback to Resolved
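
The check from the description (look in /tmp/rules.debug for TCP rules without flags) can be scripted. The following is an added example, not part of the original ticket or of pfSense: the function names and the sample rules are constructed for illustration, and the rule layout is assumed to follow the usual pf `pass ... proto tcp ... flags S/SA keep state label "..."` form.

```shell
#!/bin/sh
# Added example (not pfSense code): list pass rules that match TCP but carry
# no explicit "flags" keyword in a generated pf ruleset.
# Usage: tcp_rules_missing_flags [file]   (default /tmp/rules.debug, "-" = stdin)
tcp_rules_missing_flags() {
    awk '
        /^[ \t]*#/   { next }                 # skip comment lines
        $1 != "pass" { next }                 # only pass rules are of interest
        {
            rule = $0
            gsub(/"[^"]*"/, "", rule)         # drop labels so their text cannot match
            # proto tcp, or tcp anywhere inside a { ... } protocol list
            if (rule !~ /proto[ \t]+([{][^}]*[ \t,])?tcp([ \t,}]|$)/) next
            if (rule ~ /[ \t]flags[ \t]/) next   # explicit flags present
            print NR ": " $0
        }
    ' "${1:-/tmp/rules.debug}"
}

# Constructed sample in the style of a generated ruleset (not real output).
sample_rules() {
    cat <<'EOF'
# constructed sample rules
pass  in  quick  on $WAN reply-to ( em0 198.51.100.1 ) inet proto tcp  from any to 192.168.1.10 port 80 keep state  label "USER_RULE: NAT web forward"
pass  in  quick  on $LAN inet proto tcp  from any to any port 22 flags S/SA keep state  label "USER_RULE: ssh"
pass  in  quick  on $WAN inet proto { tcp udp }  from any to 192.168.1.53 port 53 keep state  label "USER_RULE: NAT dns, no flags set"
pass  in  quick  on $LAN inet proto udp  from any to any port 123 keep state  label "USER_RULE: ntp"
block in  quick  on $WAN inet proto tcp  from any to any port 23  label "USER_RULE: telnet"
EOF
}

# Demonstration on the constructed sample: reports lines 2 and 4.
sample_rules | tcp_rules_missing_flags -
```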
