Correction #12535
openNegate Rules function does not match the description
Status: New
Priority: Normal
Assignee: -
Category: Firewall Rules
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Description
Originally the automatic Negate Network rules were intended to negate policy routing for locally connected subnets and VPN connected subnets.
Some time ago that appears to have changed to only VPN connected subnets. Probably here:
https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/b4227df690fb7a989ead9b3928ebaaaa34b495eb/diff/etc/inc/filter.inc
However the description of that function in the docs refers to both.
https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#config-disablenegaterules
In a Multi-WAN configuration traffic for directly connected networks and VPN networks typically must still flow properly when using policy routing. The firewall will insert rules to pass this local and VPN traffic without a gateway specified, to maintain connectivity.
https://docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html
Rules are added automatically to negate policy routing for traffic destined to remote VPN subnets, but they do not always have the intended effect.
The actual intended function of those rules needs clarification, and the docs need to be updated to match.
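As an added illustration (not from the issue, the linked commit, or pfSense's generated ruleset), a pf.conf fragment showing the ordering the quoted docs describe: the negate rules are plain pass rules with no route-to, placed before the policy-routing rule so that traffic to a directly connected or VPN subnet follows the routing table instead of being pushed to the WAN gateway. Interface names, subnets and the gateway address are assumed.

```pf
# Constructed example; interface names, subnets and gateway are assumed.
lan_if  = "em1"
wan_if  = "em0"
lan_net = "192.168.1.0/24"
dmz_net = "192.168.2.0/24"   # directly connected on another interface
vpn_net = "10.8.0.0/24"      # remote subnet reachable over a VPN tunnel
wan_gw  = "203.0.113.1"

# Negate rules: no route-to, so a matching packet is forwarded by the system
# routing table (the DMZ interface or the VPN tunnel), not by the gateway.
# "quick" makes the first matching rule win, so these must come first.
pass in quick on $lan_if inet from $lan_net to $dmz_net keep state
pass in quick on $lan_if inet from $lan_net to $vpn_net keep state

# Policy-routing rule: all remaining LAN traffic is sent via the WAN gateway.
pass in quick on $lan_if inet from $lan_net to any route-to ($wan_if $wan_gw) keep state
```

If the first negate rule is absent, as the issue reports for directly connected subnets, LAN-to-DMZ traffic matches the route-to rule and is sent to the WAN gateway instead of out the DMZ interface.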
Updated by Jim Pingle over 2 years ago
- Related to Todo #13058: Add static routes and directly connected networks back to policy route negation rules added
Updated by Jim Pingle over 2 years ago
- Tracker changed from Documentation to Correction
- Project changed from pfSense to pfSense Docs
- Category changed from Routing to Firewall Rules
- Target version deleted (CE-Next)
- Plus Target Version deleted (Plus-Next)
- Affected Version deleted (All)