Bug #1954

Outbound manual nat rules could break CARP

Added by Ermal Luçi almost 8 years ago. Updated almost 8 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: CARP
Target version:
Start date: 10/13/2011
Due date:
% Done: 0%
Estimated time:
Affected Version: All
Affected Architecture:
Description

If a user creates manual outbound rules with source any, it can break the CARP protocol.
Prevent this by adding protective no nat/rdr rules so those generic rules do not break the CARP protocol.

Probably, since this is already skipped even in filtering, the same fix as for pfsync should be done: just do not send outgoing packets of the CARP protocol to pf(4)!?
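The check below is an added example, not part of the original ticket or the pfSense code base: it scans old-style pf translation rules for source-any nat/rdr rules that can still match CARP because no protective `no nat`/`no rdr` rule for `proto carp` comes before them (translation rules are first-match). The function name, the sample rulesets and the exact spelling of the guard rules are assumptions made for illustration.

```python
import re

# Old-style pf translation rule: [no] nat|rdr [on IF] [inet] [proto P] [from SRC] ...
RULE = re.compile(
    r"^(?P<no>no\s+)?(?P<kind>nat|rdr)(?=\s|$)"      # lookahead skips nat-anchor etc.
    r"(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+inet6?)?"
    r"(?:\s+proto\s+(?P<proto>\{[^}]*\}|\S+))?"
    r"(?:\s+from\s+(?P<src>\S+))?"
)

def protos(field):
    """Protocol set of a rule, or None when the rule matches every protocol."""
    if field is None:
        return None
    return set(re.split(r"[\s,]+", field.strip("{} ")))

def carp_nat_exposure(ruleset):
    """Return (line number, rule) for source-any nat/rdr rules that can hit CARP."""
    guarded = {"nat": set(), "rdr": set()}   # interfaces guarded so far; None = all
    findings = []
    for lineno, raw in enumerate(ruleset.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)
        if not m:
            continue
        kind, iface, proto = m["kind"], m["iface"], protos(m["proto"])
        src_any = m["src"] in (None, "any")          # no "from" clause means all
        matches_carp = proto is None or "carp" in proto
        if m["no"]:
            if src_any and matches_carp:
                guarded[kind].add(iface)             # protects only later rules
            continue
        covered = None in guarded[kind] or (iface is not None and iface in guarded[kind])
        if src_any and matches_carp and not covered:
            findings.append((lineno, line))
    return findings

# Constructed sample rulesets (addresses from the documentation range).
SAMPLE_BROKEN = """\
nat on em0 from any to any -> 203.0.113.10      # manual outbound rule, source any
nat on em0 proto { tcp, udp } from any to any -> 203.0.113.10
"""
SAMPLE_FIXED = "no nat proto carp\nno rdr proto carp\n" + SAMPLE_BROKEN

if __name__ == "__main__":
    for name, rules in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, carp_nat_exposure(rules))
```

A guard rule placed after the generic rule does not help, so the check reports the generic rule in that case as well.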

History

#1 Updated by Ermal Luçi almost 8 years ago

  • Status changed from New to Feedback

A fix has been put in for 2.0.1 to prevent NAT from messing with CARP packets.

#2 Updated by Chris Buechler almost 8 years ago

  • Status changed from Feedback to Closed
