Bug #10712: "default allow LAN IPv6 to any" rule does not work right after boot when using IPv6 PD - pfSense - pfSense bugtracker

Actions

Copy link

Bug #10712

open

"default allow LAN IPv6 to any" rule does not work right after boot when using IPv6 PD

Added by Viktor Gurov over 4 years ago. Updated over 4 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Rules / NAT

Target version:

Start date:

06/29/2020

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.4.5-p1

Affected Architecture:

Description

https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense:
Quite simply, you boot, you get an IPv6 PD and give it out through SLAAC on your LAN interface, machines get an IP but aren't able to connect to the internet over IPv6. If you check the firewall logs, you'll see the traffic gets dropped due to the default drop all rule.

Workaround : disable and enable any firewall rule to force a reload of the rules. After that, connectivity works.

My assumption for the root cause: the "LAN net" source does not get updated correctly when the PD gets assigned, since it does take a while to get the PD and assign it to all the needed interfaced. Because of this, the traffic from the PDd IPs is not recognised and dropped. Reloading the rules forced a reload of the "LAN net" source and thus makes it work.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #10712

"default allow LAN IPv6 to any" rule does not work right after boot when using IPv6 PD

Updated by Offstage Roller over 4 years ago