Bug #16798: UDP Broadcast Traffic Sent out WAN when Policy-based Route is Defined - pfSense Plus - pfSense bugtracker

Actions

Copy link

Bug #16798

open

UDP Broadcast Traffic Sent out WAN when Policy-based Route is Defined

Added by Kris Phillips 1 day ago. Updated about 8 hours ago.

Status:

Confirmed

Priority:

Normal

Assignee:

Category:

Routing

Target version:

Start date:

Due date:

% Done:

Estimated time:

Release Notes:

Default

Affected Plus Version:

Affected Architecture:

Description

If you have a gateway override in a firewall rule for policy-based routing, pfSense Plus will forward broadcast traffic across broadcast domains from inside to outside on a WAN interface.

Steps to reproduce:
1. Create a firewall rule with any destination on an inside interface to use a different gateway than default.
2. Initiate broadcast traffic for UDP to a destination of 255.255.255.255
3. While traffic is running, run a packet capture on WAN

The traffic will pass across the inside interface to WAN unimpeded. Broadcast traffic should never leave it's broadcast domain unless you have a relay configured to retransmit this across to another one.

When utilizing allow rules that do not have a PBR, this traffic will stop at the inside interface as expected.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Plus

Custom queries

Bug #16798

UDP Broadcast Traffic Sent out WAN when Policy-based Route is Defined

Updated by Bryan Allen about 8 hours ago