Bug #7118
closed
ICMP rule with ICMP type "any" fails to load
100%
Description
Creating a pass rule with ICMP and ICMP type any prevents the ruleset from being loaded.
The following rule is generated and fails:
pass in quick on $LAN inet proto icmp from 192.168.1.0/24 to any icmp-type any tracker 1484287460 keep state label "USER_RULE: Allow ICMP "
I think "icmp-type any" is wrong and should be left out to match all ICMP traffic.
The rule should look like it does in 2.3:
pass in quick on $LAN inet proto icmp from 192.168.1.0/24 to any tracker 1416374361 keep state label "USER_RULE: Allow ICMP"
Updated by Phillip Davis over 7 years ago
Pull request to fix: https://github.com/pfsense/pfsense/pull/3377
Updated by
Updated by Phillip Davis over 7 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 007cfb6ab6d7733c7a98d8fc5baae59028753107.
Updated by Jim Pingle over 7 years ago
- Status changed from Feedback to New
This still fails for me after a gitsync.
There were error(s) loading the rules: /tmp/rules.debug:189: syntax error - The line in question reads [189]: pass in quick on $WAN reply-to ( vmx0 198.51.100.1 ) inet proto icmp from any to 1.2.3.4 icmp-type any tracker 1484267245 keep state label "USER_RULE"
Updated by Jim Pingle over 7 years ago
- Status changed from New to Resolved
OK, nevermind, I ran it again and it's fine. The sync didn't pick that up.
github has been spazzing out today, the first sync probably didn't get anything new.