Bug #16798
open
UDP Broadcast Traffic Sent out WAN when Policy-based Route is Defined
Description
If you have a gateway override in a firewall rule for policy-based routing, pfSense Plus will forward broadcast traffic across broadcast domains from inside to outside on a WAN interface.
Steps to reproduce:
1. Create a firewall rule with any destination on an inside interface to use a different gateway than default.
2. Initiate broadcast traffic for UDP to a destination of 255.255.255.255.
3. While traffic is running, run a packet capture on WAN.
The traffic will pass across the inside interface to WAN unimpeded. Broadcast traffic should never leave its broadcast domain unless you have a relay configured to retransmit this across to another one.
When utilizing allow rules that do not have a PBR, this traffic will stop at the inside interface as expected.
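To confirm step 3 from a saved WAN capture, the following added example (not part of the original report or of pfSense) scans a classic-format pcap file for UDP packets addressed to 255.255.255.255. It assumes an Ethernet capture in libpcap format (not pcapng, no VLAN tags); the function names and the sample addresses and ports are constructed for illustration.

```python
import struct

LIMITED_BROADCAST = bytes([255, 255, 255, 255])

def find_broadcast_udp(pcap):
    """Return (src_ip, src_port, dst_port) per UDP packet sent to 255.255.255.255."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not plain IPv4 (VLAN-tagged frames are not handled)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or ip[16:20] != LIMITED_BROADCAST:
            continue  # not IPv4/UDP, or not addressed to the limited broadcast
        src = ".".join(str(b) for b in ip[12:16])
        first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
        if first_fragment and len(ip) >= ihl + 4:
            hits.append((src,) + struct.unpack("!HH", ip[ihl:ihl + 4]))
        else:
            hits.append((src, None, None))  # ports not present in this fragment
    return hits

def sample_pcap():
    """Constructed two-packet capture: one limited broadcast, one unicast."""
    def frame(src, dst, sport, dport):
        udp = struct.pack("!HHHH", sport, dport, 9, 0) + b"x"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(src), bytes(dst))
        return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + udp
    frames = [frame([192, 168, 1, 50], [255, 255, 255, 255], 40000, 9999),
              frame([192, 168, 1, 50], [198, 51, 100, 7], 40001, 53)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for hit in find_broadcast_udp(sample_pcap()):
        print("limited-broadcast UDP seen on capture:", hit)
```

Any hit in a capture taken on WAN with an inside source address indicates the forwarding behaviour described in this report.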