Regression #14719

closed

IPv4+IPv6 outbound NAT rule expands to invalid rule set

Added by Chris Linstruth 9 months ago. Updated 6 months ago.

Status: Resolved
Priority: High
Assignee:
Category: Rules / NAT
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.09
Release Notes: Force Exclusion
Affected Version:
Affected Architecture:

Description

A misconfigured outbound NAT rule that used to load now stops pf from loading the rule set.

First seen on:
23.09-DEVELOPMENT (amd64)
built on Sat Aug 26 17:37:15 UTC 2023
FreeBSD 14.0-ALPHA2

Same configuration was not throwing an error on 23.05.1

There were error(s) loading the rules: /tmp/rules.debug:115: rule expands to no valid combination - The line in question reads [115]: nat on $WAN inet6 from 172.25.232.104/32 port 5060 to any -> 2001:470:e01a:7fff::12ef/128 port 1024:65535
@ 2023-08-27 12:11:37

The outbound NAT rule in question is:

Interface: WAN
Address Family: IPv4+IPv6
Protocol: Any
Source: Network or Alias: 172.25.232.104/32 Port 5060
Destination: Any
Translation: WAN Address

Changing the rule to IPv4 only allows the rule set to load.

The WebGUI does not prohibit changing it back to IPv4+IPv6 and it breaks again.

Doing the same thing on 2.8.0 (Aug 5) does not create the inet6 rule and the ruleset loads.

Similar to #11548
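
A small lint for the failure in this report, added here as an example (it is not pfSense code): it scans rules.debug-style text for `nat` lines whose `inet`/`inet6` keyword disagrees with a literal source or destination address, the combination pf rejects above with "rule expands to no valid combination". The function names are hypothetical, and the second and third sample lines are constructed for contrast.

```python
import ipaddress
import re

# Sample input in the style of /tmp/rules.debug. Line 1 is the rule quoted in
# the report; lines 2 and 3 are constructed examples of consistent rules.
SAMPLE_RULES = """\
nat on $WAN inet6 from 172.25.232.104/32 port 5060 to any -> 2001:470:e01a:7fff::12ef/128 port 1024:65535
nat on $WAN inet from 172.25.232.104/32 port 5060 to any -> 198.51.100.7/32 port 1024:65535
nat on $WAN inet6 from fd00:10::/64 to any -> 2001:db8::1/128
"""

AF_VERSION = {"inet": 4, "inet6": 6}


def literal_versions(text):
    """Yield (token, ip_version) for each literal address or CIDR in text."""
    for token in re.split(r"[\s{},!]+", text):
        try:
            yield token, ipaddress.ip_network(token, strict=False).version
        except ValueError:
            continue  # keywords, macros, ports, table names, empty strings


def check_nat_line(line):
    """Return the address-family conflicts found in one nat rule line."""
    m = re.match(r"\s*nat\s+on\s+\S+\s+(inet6?)\s+(.*)$", line)
    if not m:
        return []  # not a nat rule with an explicit address family
    family, rest = m.group(1), m.group(2)
    # Only the match side (from/to, before "->") is checked here.
    match_side = rest.split("->", 1)[0]
    return [f"{family} rule matches on IPv{version} literal {token}"
            for token, version in literal_versions(match_side)
            if version != AF_VERSION[family]]


def lint(rules_text):
    """Map 1-based line number -> conflicts, for lines that have any."""
    findings = {}
    for number, line in enumerate(rules_text.splitlines(), 1):
        problems = check_nat_line(line)
        if problems:
            findings[number] = problems
    return findings


if __name__ == "__main__":
    for number, problems in lint(SAMPLE_RULES).items():
        print(number, problems)
```

Macros, aliases and tables are skipped because they cannot be resolved from the rule text alone, so this only catches literal addresses like the one in the report.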
