Regression #13459
closed
Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds
Added by Steve Wheeler over 1 year ago.
Updated over 1 year ago.
Plus Target Version:
23.01
Release Notes:
Force Exclusion
Affected Architecture:
All
Description
The patch we had to by-pass reply-to tagging for traffic sourced from the same subnet is not in main builds.
That means traffic from a client in the WAN subnet can no longer access the pfSense WAN IP address because replies go back to the gateway instead of directly.
This is a functional change that would affect a lot of users.
The behaviour should be restored either by a similar patch or by an automated rule with reply-to disabled when required.
- Status changed from New to Ready To Test
While I still think the best fix here would be to teach the PHP code to generate a corresponding pass rule for local traffic the PHP code would need significant refactoring to make that possible.
So I've merged the original reply-to.diff patch into devel-main (not yet into plus-devel-main, but it'll get picked up in a future merge) as 2f3847cd957d5a493c8d691114bf387fb3d9690c.
- Plus Target Version changed from 22.11 to 23.01
- Status changed from Ready To Test to Feedback
- Assignee set to Kristof Provost
- Subject changed from Reply-to by-pass is no longer functioning in main builds to Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds
- Release Notes changed from Default to Force Exclusion
Not a problem in a release, excluding from release notes.
- Status changed from Feedback to Resolved
- % Done changed from 0 to 100
- Private changed from Yes to No
I haven't needed the manual rule to disable reply-to on WAN since this went in months ago. Seems OK to close to me.
Also available in: Atom
PDF
Updated by 
Updated by