Project

General

Profile

Actions

Regression #14415

closed

Enable IPv6 over IPv4 tunneling option results in invalid PF rule

Added by Jim Pingle over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Rules / NAT
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05.1
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Enabling "Enable IPv6 over IPv4 tunneling" on system_advanced_network.php results in an invalid pf rule, leading to a ruleset error:

There were error(s) loading the rules: /tmp/rules.debug:59: syntax error - The line in question reads [59]: rdr on $WAN proto ipv6 from any to any ->
@ 2023-05-25 10:07:58

The line in question is invalid as it lacks a destination:

59:rdr on $WAN proto ipv6 from any to any ->

The target system is in the config.xml and shows on system_advanced_network.php but it isn't making it into the ruleset.

It appears to be due to one variable missing a letter in filter.inc:

diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 7063798529..255af0903c 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -2490,7 +2490,7 @@ function filter_nat_rules_generate() {
            (is_ipaddr($ipv6nataddr)) &&
            (is_array($FilterIflist['wan']))) {
                /* XXX: FIX ME!  IPV6 */
-               $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto ipv6 from any to any -> {$pv6nataddr}\n";
+               $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto ipv6 from any to any -> {$ipv6nataddr}\n";
        }

        unlink_if_exists("{$g['varetc_path']}/xinetd.conf");

This affects both 23.05 and 23.01.

Actions

Also available in: Atom PDF