Bug #16250

closed

Firewall rules with an interface address for the NAT64 source always use the interface itself

Added by Marcos M 3 months ago. Updated 2 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Rules / NAT
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 25.07
Release Notes: Default
Affected Version: 2.8.0
Affected Architecture:

Description

NAT64 rules with the NAT64 source set to <interface> address always reference the interface of that address. For example, if the NAT64 source is set to OPT1 address (i.e. opt1ip), the rule is generated as follows:

@100 pass in quick on mvneta1.229 inet6 from <OPT4__NETWORK:1> to 64:ff9b::c0a8:100/120 flags S/SA keep state (if-bound) label "USER_RULE: Test NAT64 rule" label "id:1749511336" ridentifier 1749511336 af-to inet from (mvneta1.229)

The part af-to inet from (mvneta1.229) should instead be af-to inet from 192.168.220.1.
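One way to check a generated ruleset for the pattern described in this report, as an added example that is not pfSense code: it finds each af-to clause in the rule text and reports whether its source is a parenthesised interface reference or a literal address. The second sample rule (including its number @101) is constructed from the expected form stated above, and the function and field names are assumptions.

```python
import ipaddress
import re

# Constructed sample input: the first rule is the one quoted in the report; the
# second (rule number @101 is made up) uses the source the report expects.
SAMPLE_RULES = '''\
@100 pass in quick on mvneta1.229 inet6 from <OPT4__NETWORK:1> to 64:ff9b::c0a8:100/120 flags S/SA keep state (if-bound) label "USER_RULE: Test NAT64 rule" label "id:1749511336" ridentifier 1749511336 af-to inet from (mvneta1.229)
@101 pass in quick on mvneta1.229 inet6 from <OPT4__NETWORK:1> to 64:ff9b::c0a8:100/120 flags S/SA keep state (if-bound) label "USER_RULE: Test NAT64 rule" label "id:1749511336" ridentifier 1749511336 af-to inet from 192.168.220.1
'''

AF_TO = re.compile(r'\baf-to\s+(inet6?)\s+from\s+(\S+)')
ON_IF = re.compile(r'\bon\s+(\S+)')
RULE_NO = re.compile(r'^@(\d+)')


def classify_source(token):
    """'interface' for a parenthesised interface reference, 'address' for a
    literal IP address or prefix, 'other' for anything else (tables, aliases)."""
    if token.startswith('(') and token.endswith(')'):
        return 'interface'
    try:
        ipaddress.ip_network(token, strict=False)
        return 'address'
    except ValueError:
        return 'other'


def audit_af_to(rules_text):
    """Return one finding per rule that carries an af-to clause."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        af = AF_TO.search(line)
        if not af:
            continue
        num = RULE_NO.match(line)
        on_if = ON_IF.search(line)
        source = af.group(2)
        findings.append({
            'rule': int(num.group(1)) if num else None,
            'on': on_if.group(1) if on_if else None,   # interface the rule is bound to
            'family': af.group(1),                     # address family translated to
            'source': source,                          # token after "af-to ... from"
            'kind': classify_source(source),
        })
    return findings


if __name__ == '__main__':
    for f in audit_af_to(SAMPLE_RULES):
        note = 'REVIEW: interface reference' if f['kind'] == 'interface' else 'ok'
        print(f"@{f['rule']} on {f['on']}: af-to {f['family']} from {f['source']} -> {note}")
```
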
