Project

General

Profile

Actions
Copy link

Bug #13908

open

CARP automatically generated rules don't get removed

Added by Danilo Zrenjanin 2 months ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Virtual IP Addresses
Target version:
2.7.0
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Carp automatically generated rules generated after defining a CARP VIP don't get removed after removing the CARP VIP.

If you manually run the filter reload, the rules will get removed.

Steps to reproduce:

  1. Define a CARP VIP on the WAN interface
  2. Confirm that the rules have been created in the /tmp/reles.debug file. 
    # CARP rules
block in log quick proto carp from (self) to any ridentifier 1000000201
pass  quick proto carp ridentifier 1000000202 no state
  3. Remove the CARP VIP on the WAN interface defined in step 1.
  4. Check the /tmp/reles.debug file again, and the rules will still be present
Actions
Copy link
 #1

Updated by Jim Pingle 2 months ago

  • Category changed from CARP to Virtual IP Addresses
  • Target version set to 2.7.0

This likely applies to any VIP type, not just CARP. Though other types do not have special rules like CARP, they may still be present in other places (e.g. interface net macros)

Actions
Copy link

Also available in: Atom PDF