Bug #11572
open
Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
Description
Using any IPv6 list in pfblocker-ng "IPv6 settings" tab results in a firewall rule with the protocol set to IPv4. This results in IPv6 traffic being passed that should be blocked by the pfblocker list rule.
Suggestion: Change auto-created rule for "IPv6" pfblocker-ng entries to IPv6.
Steps to reproduce:
- vanilla pfSense install 2.5.0 x86_64. WAN/LAN only.
- install pfblocker (2.1.4_24)
- enable pfblockerng
Firewall / pfBlockerNG / IPv6 :
- add an IPv6 list - for example https://www.spamhaus.org/drop/dropv6.txt
- Set list action to "deny both"
- force update of pfblocker
- Examine LAN firewall rules - note auto rule created, with protocol of IPv4.
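
An added check for the condition described in this report (not part of the original ticket, and not pfSense or pfBlockerNG code): it flags rules whose address family does not cover the entries of the alias they reference. The XML layout, the `ipprotocol` values, the alias names and the list entries are constructed assumptions for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: simplified pfSense-style rule export. Element names and
# alias names are assumptions for illustration, not taken from the bug report.
SAMPLE_CONFIG = """
<pfsense><filter>
  <rule><descr>pfB_DropV6 auto rule</descr><ipprotocol>inet</ipprotocol>
        <destination><address>pfB_DropV6</address></destination></rule>
  <rule><descr>pfB_DropV4 auto rule</descr><ipprotocol>inet</ipprotocol>
        <destination><address>pfB_DropV4</address></destination></rule>
  <rule><descr>pfB_Fixed6 auto rule</descr><ipprotocol>inet6</ipprotocol>
        <destination><address>pfB_Fixed6</address></destination></rule>
</filter></pfsense>
"""
# Constructed alias contents (documentation prefixes only).
SAMPLE_ALIASES = {
    "pfB_DropV6": ["2001:db8:dead::/48 ; constructed-1", "2001:db8:beef::/48"],
    "pfB_DropV4": ["192.0.2.0/24", "198.51.100.0/24"],
    "pfB_Fixed6": ["2001:db8:1::/48"],
}
# IP versions matched by each rule address-family value.
COVERS = {"inet": {4}, "inet6": {6}, "inet46": {4, 6}}

def alias_families(entries):
    """Return the set of IP versions (4 and/or 6) present in an alias list."""
    fams = set()
    for entry in entries:
        entry = entry.split(";")[0].split("#")[0].strip()  # drop list comments
        if entry:
            fams.add(ipaddress.ip_network(entry, strict=False).version)
    return fams

def mismatched_rules(config_xml, aliases):
    """List (descr, ipprotocol, uncovered_versions) for rules whose address
    family does not cover every family present in the alias they reference."""
    findings = []
    for rule in ET.fromstring(config_xml).iter("rule"):
        proto = rule.findtext("ipprotocol", default="inet")
        for side in ("source", "destination"):
            name = rule.findtext(f"{side}/address")
            if name in aliases:
                missing = alias_families(aliases[name]) - COVERS.get(proto, set())
                if missing:
                    findings.append((rule.findtext("descr"), proto, sorted(missing)))
    return findings

if __name__ == "__main__":
    for descr, proto, missing in mismatched_rules(SAMPLE_CONFIG, SAMPLE_ALIASES):
        print(descr, "| rule family:", proto, "| uncovered IP versions:", missing)
```

A finding means the list's entries can never match under that rule, which is the silent gap this report describes.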
Updated by BBcan177 almost 4 years ago
Please update to pfBlockerNG-devel, as pfBlockerNG is not receiving many updates. This issue is resolved in devel.
Updated by Dave Tickem almost 4 years ago
Confirmed - created as an IPv6 rule in beta. Just means that all those out there using the "release" version are at risk of assuming IPv6 lists are providing benefit, when they are not.
Is there an ETA for devel -> Stable? If it's a fair way off, then perhaps it is a better security decision to fix this in current as well?
Updated by BBcan177 almost 4 years ago
There are a couple items to iron out in devel, so don't think too long.
Updated by Viktor Gurov almost 4 years ago
- Target version deleted (2.5.1)
- Affected Version deleted (2.5.0)
Updated by Beat Siegenthaler over 2 years ago
Still an issue in 2.6.0
Why not remove pfblockerNG from Repo if it's no more fixed and maintained anyway? Saves time and anger!!