pfSense

Spawned from a question posted to twitter by me:

Jim P ‏@jimptwit 32m32 minutes ago
@sjorge @pfsense "Any" means Any. There are many more protocols than ICMP, TCP, and UDP: https://github.com/pfsense/pfsense/blob/master/etc/protocols … - "Any" covers them all.

Jorge Schrauwen ‏@sjorge 22m22 minutes ago
@jimptwit @pfsense so to all 'all' protocols between 2 interfaces I NEED to create at least 2 rules? Seems counter intuitive. 1/4

Jorge Schrauwen ‏@sjorge 23m23 minutes ago
@jimptwit @pfsense option 1: ipv4 proto any on int1 from any to int2:net + ipv6 proto any on int1 from any to int2:net 2/4

Jorge Schrauwen ‏@sjorge 23m23 minutes ago
@jimptwit @pfsense option 2: ipv4+ipv6 proto tcp+udp on int1 from any to int2:net + ipv4+ipv6 proto icmp on int1 from any to int2:net 3/4

Jorge Schrauwen ‏@sjorge 23m23 minutes ago
@jimptwit @pfsense (as other protocols are invalid for the ipv4+ipv6 selector) it should be possible to have just one rule. 4/4

Jorge Schrauwen ‏@sjorge 6m6 minutes ago
@jimptwit @pfsense hmmm... that kind of sucks. Will file a feature request in a few minutes.

Jim P ‏@jimptwit 10m10 minutes ago
@sjorge @pfsense Yes, it's a limit of pf. W/o extra code to split it behind the scenes, there isn't a way yet. Not a bug, a missing feature.

Setting to affected version to 2.2 since that is what I tried it on, have no tried older version.