Bug #2073

closed

APIPA broadcasts forwarded by route-to

Added by Chris Buechler over 12 years ago. Updated over 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Operating System
Target version:
Start date: 01/05/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

If there is a host with an APIPA IP sending broadcasts that match a route-to rule, the traffic gets forwarded by route-to. antispoof should block that scenario, since that IP subnet isn't defined on the source interface. We should change route-to so that it never forwards anything destined to a broadcast MAC address, to prevent such scenarios.

To work around, just add a rule to block APIPA, 169.254.0.0/16. Or, ideally, don't use overly permissive rulesets; the default rules will not permit this to happen.
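The workaround described above, sketched as a pf.conf fragment. This is an added example, not part of the original report or the project's generated ruleset; the interface names and gateway address are placeholders.

```conf
# Constructed pf.conf fragment. Interface names and the gateway address
# are placeholders chosen for illustration.
lan_if  = "em1"
wan2_if = "em2"
wan2_gw = "198.51.100.1"

# Overly permissive form (shown commented out): any source arriving on the
# LAN interface is policy-routed, so packets from a 169.254.0.0/16 host,
# broadcasts included, match the rule and are forwarded.
# pass in quick on $lan_if route-to ($wan2_if $wan2_gw) from any to any

# Workaround: drop APIPA (link-local) sources before any route-to rule
# is evaluated. "quick" stops rule processing at this match.
block in quick on $lan_if inet from 169.254.0.0/16 to any

# Tighter policy-routing rule: only sources inside the LAN interface's
# own subnet are eligible for route-to.
pass in quick on $lan_if route-to ($wan2_if $wan2_gw) inet \
    from ($lan_if:network) to any
```

Restricting the source to the interface's own network is what keeps a policy-routing rule from matching hosts that never received an address in that subnet.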
