Bug #2073: APIPA broadcasts forwarded by route-to - pfSense - pfSense bugtracker

Actions

Copy link

Bug #2073

closed

APIPA broadcasts forwarded by route-to

Added by Chris Buechler almost 13 years ago. Updated almost 5 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Operating System

Target version:

2.2

Start date:

01/05/2012

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

All

Affected Architecture:

Description

If there is a host with an APIPA IP sending broadcasts that match a route-to rule, the traffic gets forwarded by route-to. antispoof should block that scenario, since that IP subnet isn't defined on the source interface. We should change route-to should never forward anything destined to a broadcast MAC address to prevent such scenarios.

To work around, just add a rule to block APIPA, 169.254.0.0/16. Or ideally don't use overly permissive rulesets, the default rules will not permit this to happen.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #2073

APIPA broadcasts forwarded by route-to

Updated by Chris Buechler over 12 years ago

Updated by Chris Buechler about 10 years ago

Updated by Brandon Jackson almost 8 years ago

Updated by Jim Pingle almost 8 years ago

Updated by Brandon Jackson almost 8 years ago

Updated by Viktor Gurov almost 5 years ago