Bug #1954

closed

Outbound manual nat rules could break CARP

Added by Ermal Luçi almost 10 years ago. Updated almost 10 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: CARP
Target version:
Start date: 10/13/2011
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

If a user creates manual outbound rules with source any, it can break the CARP protocol.
Prevent this by adding protective no nat/rdr rules so those generic rules do not break the CARP protocol.

Probably, since this is already skipped even in filtering, the same fix as for pfsync should be done: just do not send outgoing packets of the CARP protocol to pf(4)!?
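
The exemption described above, sketched as a pf.conf fragment. This is an added example, not taken from the ticket or from the project's generated ruleset; the interface name, the address and the sample manual rule are constructed placeholders, and the older `nat`/`rdr` rule syntax used by FreeBSD's pf is assumed.

```conf
# Constructed pf.conf translation rules (illustrative, not pfSense output).
# em0 and 198.51.100.10 are placeholder values.

ext_if   = "em0"
carp_vip = "198.51.100.10"

# --- Before: a manual outbound rule with source any -------------------
# "from any" also matches packets the firewall itself sends out on
# $ext_if, which includes its CARP advertisements (IP protocol 112).
#
#   nat on $ext_if from any to any -> $carp_vip

# --- After: exempt CARP ahead of the generic rules --------------------
# Translation rules are evaluated first-match, so the "no nat" and
# "no rdr" lines must come before any broad nat/rdr rule. A packet that
# matches a "no" rule is not translated.
no nat proto carp all
no rdr proto carp all

# The user's broad rule can then stay as written.
nat on $ext_if from any to any -> $carp_vip
```

A fragment like this can be syntax-checked without loading it using `pfctl -nf <file>`.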

Actions #1

Updated by Ermal Luçi almost 10 years ago

  • Status changed from New to Feedback

A fix has been put in for 2.0.1 to prevent NAT from messing with CARP packets.

Actions #2

Updated by Chris Buechler almost 10 years ago

  • Status changed from Feedback to Closed