Actions
Bug #1954
closedOutbound manual nat rules could break CARP
Start date:
10/13/2011
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
Description
If user create manual outbound rules with source any it can break carp protocol.
Prevent this by adding protection no nat/rdr rules so those generic rules do not break the carp protocol.
Probably since this is skipped already even in filtering the same fix as for pfsync should be done, just do not send outgoing packets of carp protocol to pf(4)!?
Updated by Ermal Luçi about 13 years ago
- Status changed from New to Feedback
A fix has been put in for 2.0.1 to prevent nat from messing with carp packets.
Updated by Chris Buechler about 13 years ago
- Status changed from Feedback to Closed
Actions