Bug #16798
UDP Broadcast Traffic Sent out WAN when Policy-based Route is Defined (open)
Description
If you have a gateway override in a firewall rule for policy-based routing, pfSense Plus will forward broadcast traffic across broadcast domains from inside to outside on a WAN interface.
Steps to reproduce:
1. Create a firewall rule with any destination on an inside interface to use a different gateway than default.
2. Initiate broadcast traffic for UDP to a destination of 255.255.255.255
3. While traffic is running, run a packet capture on WAN
The traffic will pass across the inside interface to WAN unimpeded. Broadcast traffic should never leave its broadcast domain unless you have a relay configured to retransmit it across to another one.
When utilizing allow rules that do not have a PBR, this traffic will stop at the inside interface as expected.
Updated by Christian McDonald 19 days ago
- Project changed from pfSense Plus to pfSense
- Category changed from Routing to Routing
- Assignee set to Christian McDonald
- Target version set to CE-Next
- Plus Target Version set to 26.07
I wrote a few test cases for this today, now to fix it :)
Updated by Christian McDonald 19 days ago
- Status changed from Confirmed to In Progress
Updated by Christian McDonald 19 days ago
Pending review: https://reviews.freebsd.org/D56559
Updated by Christian McDonald 17 days ago
We will likely work around this by adding several block out quick rules on route-to target interfaces to catch forwarded broadcast/multicast traffic.
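An added example, not part of this bug report, the FreeBSD review, or pfSense's own code, covering both the reproduction steps in the description and the workaround sketched in the comment above. `send_broadcast()` is the step-2 sender you would run on a host behind the inside interface (it opens a real socket, so it is only called from `main()`); `should_not_leave_broadcast_domain()` is the check a route-to target interface would need, and `pf_block_rules()` renders it as `block out quick` rules. The interface name `em0`, the subnets, the port, and the exact rule set are assumptions for illustration; the rules pfSense actually ships may differ.

```python
"""Reproduce and illustrate a fix for UDP broadcast leaking out a route-to interface.

Added example: not from the pfSense bug report, the FreeBSD review, or pfSense itself.
Interface names, subnets and the rule set below are assumptions for illustration.
"""
import ipaddress
import socket

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
IPV4_MULTICAST = ipaddress.IPv4Network("224.0.0.0/4")
IPV6_MULTICAST = ipaddress.IPv6Network("ff00::/8")


def send_broadcast(port: int = 9999, payload: bytes = b"pbr-broadcast-test") -> int:
    """Step 2 of the report: emit one UDP datagram to the limited broadcast address.

    Run this on a host on the inside (policy-routed) interface while capturing on WAN.
    SO_BROADCAST is required or sendto() fails with EACCES. Returns bytes sent.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    try:
        return s.sendto(payload, (str(LIMITED_BROADCAST), port))
    finally:
        s.close()


def should_not_leave_broadcast_domain(dst: str, inside_nets) -> bool:
    """True if dst must never be forwarded off its link, regardless of any route-to.

    Covers: limited broadcast, IPv4 multicast, IPv6 multicast, and the directed
    broadcast address of each inside subnet (assumed list of CIDR strings).
    """
    addr = ipaddress.ip_address(dst)
    if addr.version == 4:
        if addr == LIMITED_BROADCAST or addr in IPV4_MULTICAST:
            return True
        for n in inside_nets:
            net = ipaddress.ip_network(n, strict=False)
            # /31 and /32 have no usable directed-broadcast address
            if net.version == 4 and net.prefixlen < 31 and addr == net.broadcast_address:
                return True
        return False
    return addr in IPV6_MULTICAST


def pf_block_rules(wan_if: str, inside_nets) -> list:
    """Render illustrative 'block out quick' rules for a route-to target interface.

    These would sit ahead of any pass rule on wan_if so forwarded broadcast/multicast
    is dropped before it reaches the wire. The set is an assumption, not pfSense's fix.
    """
    rules = [
        f"block out quick on {wan_if} inet to {LIMITED_BROADCAST}",
        f"block out quick on {wan_if} inet to {IPV4_MULTICAST}",
        f"block out quick on {wan_if} inet6 to {IPV6_MULTICAST}",
    ]
    for n in inside_nets:
        net = ipaddress.ip_network(n, strict=False)
        if net.version == 4 and net.prefixlen < 31:
            rules.append(f"block out quick on {wan_if} inet to {net.broadcast_address}")
    return rules


def main() -> None:
    # Assumed lab layout: WAN is em0, inside subnets are RFC 1918 ranges.
    inside = ["192.168.1.0/24", "10.0.0.0/8"]
    for rule in pf_block_rules("em0", inside):
        print(rule)
    # Uncomment on a host behind the inside interface to reproduce step 2:
    # print("sent", send_broadcast(), "bytes to 255.255.255.255")


if __name__ == "__main__":
    main()
```

While `send_broadcast()` runs on the inside host, step 3 on the firewall is a capture on the route-to target, e.g. `tcpdump -ni em0 'dst host 255.255.255.255 or dst net 224.0.0.0/4'`; any hit confirms the leak. Load the rendered rules with `pfctl -nf` first to check syntax before applying them.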
Updated by Christian McDonald 17 days ago
- Status changed from In Progress to Pull Request Review