Feature #3367

closed

Remove restriction that IPv4+IPv6 rules limited to TCP, UDP, ICMP only

Added by Brian Candler over 10 years ago. Updated almost 9 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 12/17/2013
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

[pfSense 2.1]

If you try to create a rule which is IPv4+IPv6 with protocol "any", it is rejected with the following error message (firewall_rules_edit.php):

"The following input errors were detected:
You can not assign a protocol other then ICMP, TCP, UDP or TCP/UDP to a rule that applies to IPv4 and IPv6"

The rule is accepted if you limit it to, say, TCP. This expands to two rules as shown by pfctl -sa:

pass in log quick on em0 reply-to (em0 10.0.2.2) inet proto tcp from any to <foobar> flags S/SA keep state label "USER_RULE: test"
pass in log quick on em0 inet6 proto tcp from any to <foobar> flags S/SA keep state label "USER_RULE: test"

However, I don't see any particular reason why these rules must have "proto tcp". A quick check with pfctl -f <tempfile> demonstrates that the rules could be created without this.

Actions #1

Updated by Chris Buechler almost 9 years ago

  • Status changed from New to Resolved

This was done in an earlier 2.2.x release.
