Project

General

Profile

Actions
Copy link

Bug #16250

closed

Firewall rules with an interface address for the NAT64 source always use the interface itself

Added by Marcos M 3 months ago. Updated 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Marcos M
Category:
Rules / NAT
Target version:
2.8.1
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
25.07
Release Notes:
Default
Affected Version:
2.8.0
Affected Architecture:

Description

NAT64 rules with the NAT64 source set to <interface> address always reference the interface of that address. For example if the NAT64 source is set to OPT1 address (i.e. opt1ip), the rule is generated as follows:

@100 pass in quick on mvneta1.229 inet6 from <OPT4__NETWORK:1> to 64:ff9b::c0a8:100/120 flags S/SA keep state (if-bound) label "USER_RULE: Test NAT64 rule" label "id:1749511336" ridentifier 1749511336 af-to inet from (mvneta1.229)

The part af-to inet from (mvneta1.229) should instead be af-to inet from 192.168.220.1.

Actions
Copy link
 #1

Updated by Marcos M 3 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #2

Updated by Marcos M 3 months ago

  • Subject changed from Firewall rules with an interface address NAT64 source always use the interface itself to Firewall rules with an interface address for the NAT64 source always use the interface itself
Actions
Copy link
 #3

Updated by Georgiy Tyutyunnik 2 months ago

  • Status changed from Feedback to Resolved

resolved, patch works as intended
tested on
25.11-DEVELOPMENT (amd64)
built on Thu Jun 19 19:22:00 UTC 2025
FreeBSD 15.0-CURRENT

Actions
Copy link
 #4

Updated by Jim Pingle 2 months ago

  • Plus Target Version changed from 25.03 to 25.07
Actions
Copy link
 #5

Updated by Jim Pingle 2 months ago

  • Target version changed from 2.9.0 to 2.8.1
Actions
Copy link

Also available in: Atom PDF