Actions
Bug #16250
closed
Firewall rules with an interface address for the NAT64 source always use the interface itself
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
25.07
Release Notes:
Force Exclusion
Affected Version:
2.8.0
Affected Architecture:
Description
NAT64 rules with the NAT64 source set to <interface> address always reference the interface of that address. For example if the NAT64 source is set to OPT1 address (i.e. opt1ip), the rule is generated as follows:
@100 pass in quick on mvneta1.229 inet6 from <OPT4__NETWORK:1> to 64:ff9b::c0a8:100/120 flags S/SA keep state (if-bound) label "USER_RULE: Test NAT64 rule" label "id:1749511336" ridentifier 1749511336 af-to inet from (mvneta1.229)
The part af-to inet from (mvneta1.229) should instead be af-to inet from 192.168.220.1.
Updated by Marcos M about 1 year ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset commit:b947a5b8ec0662714933fb67c28077e92da56e3f.
Updated by Marcos M about 1 year ago
- Subject changed from Firewall rules with an interface address NAT64 source always use the interface itself to Firewall rules with an interface address for the NAT64 source always use the interface itself
Updated by Georgiy Tyutyunnik about 1 year ago
- Status changed from Feedback to Resolved
resolved, patch works as intended
tested on
25.11-DEVELOPMENT (amd64)
built on Thu Jun 19 19:22:00 UTC 2025
FreeBSD 15.0-CURRENT
Updated by Jim Pingle 12 months ago
- Plus Target Version changed from 25.03 to 25.07
Actions