Regression #15197

closed

Outbound NAT rules using an alias without a matching address family create unexpected PF rules

Added by Marcos M 10 months ago. Updated 10 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Rules / NAT
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 24.03
Release Notes: Default
Affected Version:
Affected Architecture:

Description

Create an Outbound NAT rule with:
- Do not NAT checked
- IPv4+IPv6 for address family
- Source <interface> subnets using an interface with only IPv6

Create an Outbound NAT rule with:
- Do not NAT checked
- IPv4 for address family
- Source <interface> subnets using an interface with only IPv6

These rules result in e.g.:

no nat on $ISP1  from any to any # TEST
no nat on $ISP1 inet from any to any # TEST

Instead of defaulting to a host of any, no rule should be generated.


Files

rulesNAT.txt (360 Bytes) Georgiy Tyutyunnik, 01/31/2024 12:44 PM
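
A check for the symptom described in this report, as an added example that is not part of the original issue or of pfSense's code: it scans pf ruleset text for `nat` / `no nat` rules whose source is `any`, the value the report says is used when the source has no address in the rule's family. The function name and the sample ruleset are assumptions; the two TEST lines are the ones quoted in the report and the other two are constructed.

```python
import re

# One pf NAT line: [no] nat on <iface> [inet|inet6] [proto ..] from <src> to <dst> ... # label
NAT_RE = re.compile(
    r"^(?P<no>no\s+)?nat\s+on\s+(?P<iface>\S+)\s+"
    r"(?:(?P<af>inet6?)\s+)?(?:proto\s+\S+\s+)?"
    r"from\s+(?P<src>\{[^}]*\}|\S+)\s+to\s+(?P<dst>\{[^}]*\}|\S+)"
    r"[^#]*(?:#\s*(?P<label>.*))?$"
)

# Constructed sample. Lines 2 and 3 are the rules quoted in the report;
# lines 1 and 4 are made-up rules with a properly scoped source.
SAMPLE = """\
nat on $ISP1 inet from 192.0.2.0/24 to any -> 198.51.100.1/32 port 1024:65535 # LAN out
no nat on $ISP1  from any to any # TEST
no nat on $ISP1 inet from any to any # TEST
no nat on $ISP1 inet6 from 2001:db8:1::/64 to any # v6 only
"""

def find_any_source_nat(ruleset):
    """Return one finding per nat / no nat rule whose source is 'any'."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        m = NAT_RE.match(line.strip())
        if not m or m["src"] != "any":
            continue
        findings.append({
            "line": lineno,
            "action": "no nat" if m["no"] else "nat",
            "iface": m["iface"],
            "family": m["af"] or "unspecified",
            "dst": m["dst"],
            "label": (m["label"] or "").strip(),
        })
    return findings

if __name__ == "__main__":
    for f in find_any_source_nat(SAMPLE):
        print("line {line}: {action} on {iface} ({family}) from any to {dst}  # {label}".format(**f))
```

A hit is only a candidate: compare it with the Outbound NAT rule of the same description, since a source of any can also be configured deliberately.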
#1

Updated by Marcos M 10 months ago

  • Status changed from New to Waiting on Merge
  • Assignee set to Marcos M
  • Target version set to 2.8.0
  • Plus Target Version set to 24.03

#2

Updated by Marcos M 10 months ago

  • Status changed from Waiting on Merge to Feedback
  • % Done changed from 0 to 100

#3

Updated by Georgiy Tyutyunnik 10 months ago

Tested and reproduced on:
Version 24.03-DEVELOPMENT (amd64)
built on Tue Jan 23 6:00:00 UTC 2024
FreeBSD 15.0-CURRENT

Patch works. Relevant ruleset part before and after patch attached.

#4

Updated by Marcos M 10 months ago

  • Status changed from Feedback to Resolved

#5

Updated by Jim Pingle 10 months ago

  • Subject changed from Outbound NAT rules using an alias without a matching IP family create unexpected pf rules to Outbound NAT rules using an alias without a matching address family create unexpected PF rules