https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162020-07-04T08:11:14ZpfSense bugtrackerpfSense - Bug #10726: Sticky-connections option is bugged - sticky-address cannot be redefinedhttps://redmine.pfsense.org/issues/10726?journal_id=470552020-07-04T08:11:14ZViktor Gurov
<ul><li><strong>Category</strong> set to <i>Rules / NAT</i></li><li><strong>Affected Version</strong> set to <i>2.4.5-p1</i></li></ul><p>seems pfctl icmp-type + sticky-address issue,<br />but only if you select icmp message types (icmp any works fine),<br />same error with IPv6 ICMP,<br />same on 2.5 snapshots</p>
<p>See also <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: WAN loadbalancing rule fails on second/third safe (Closed)" href="https://redmine.pfsense.org/issues/2493">#2493</a></p> pfSense - Bug #10726: Sticky-connections option is bugged - sticky-address cannot be redefinedhttps://redmine.pfsense.org/issues/10726?journal_id=470602020-07-04T15:21:20ZFritz Lakritz
<ul></ul><p>It looks like, that bug has not been resolved since 8 years..<br /><a class="external" href="https://redmine.pfsense.org/issues/2493">https://redmine.pfsense.org/issues/2493</a></p> pfSense - Bug #10726: Sticky-connections option is bugged - sticky-address cannot be redefinedhttps://redmine.pfsense.org/issues/10726?journal_id=471102020-07-09T03:55:45ZViktor Gurov
<ul></ul><p><a class="external" href="https://github.com/pfsense/FreeBSD-src/blob/devel-12/sbin/pfctl/parse.y#L4133-L4137">https://github.com/pfsense/FreeBSD-src/blob/devel-12/sbin/pfctl/parse.y#L4133-L4137</a>:<br /><pre>
| STICKYADDRESS {
if (filter_opts.marker & POM_STICKYADDRESS) {
yyerror("sticky-address cannot be redefined");
YYERROR;
}
</pre><br />for some reason POM_STICKYADDRESS is not cleared when using ICMP/ICMPv6 with any option (which sets 'filter_opts.marker')</p> pfSense - Bug #10726: Sticky-connections option is bugged - sticky-address cannot be redefinedhttps://redmine.pfsense.org/issues/10726?journal_id=494232020-11-12T10:12:26ZViktor Gurov
<ul><li><strong>Affected Version</strong> changed from <i>2.4.5-p1</i> to <i>2.5.0</i></li></ul>