Bug #2293

closed

Associated NAT rules for TCP missing flags

Added by Jim Pingle about 12 years ago. Updated over 11 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Rules / NAT
Target version:
Start date: 03/14/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

TCP rules are supposed to get "flags S/SA" by default but for some reason associated filter rules for TCP port forwards do not.

Easy to reproduce: make a port forward for a TCP port with an associated rule and check /tmp/rules.debug - no flags.

Make a normal firewall rule for a TCP port, and it gets flags.

Actions #1

Updated by Jim Pingle about 12 years ago

  • Status changed from New to Feedback

Mostly mitigated by c3f01709d6d932f9f49f771ecd5f2652af05d5fe and the fact that pf apparently assumes flags S/SA when they're not specified.

Not sure why it was failing the test fixed in that commit; someone may want to test setting other advanced options on those rules and see if any of them actually work (the ones that make sense to work, anyhow).

Actions #2

Updated by Chris Buechler over 11 years ago

  • Status changed from Feedback to Resolved
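
The check described in the report (looking through /tmp/rules.debug for TCP rules with no flags), written as a shell function. This is an added example, not code from the ticket or from pfSense. The sample rules are constructed, and restricting the check to `pass` rules is an assumption. Because update #1 notes that pf apparently assumes flags S/SA when none are specified, a hit only means the keyword is missing from the generated rule text.

```shell
#!/bin/sh
# Added example: list TCP "pass" rules in a pf ruleset that carry no explicit
# "flags" keyword. Reads the file(s) given as arguments, or stdin if none.
# Usage on a firewall: tcp_pass_without_flags /tmp/rules.debug

tcp_pass_without_flags() {
    awk '
        $1 != "pass" { next }              # skips comments, block/nat/rdr lines
        {
            is_tcp = 0; has_flags = 0; state = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "label") break   # the rest is free-form label text
                if ($i == "flags") has_flags = 1
                if ($i == "proto") { state = 1; continue }
                if (state) {               # inside the protocol spec
                    tok = $i; gsub(/[{}]/, "", tok)
                    n = split(tok, p, ",")
                    for (j = 1; j <= n; j++) if (p[j] == "tcp") is_tcp = 1
                    if (state == 1 && $i !~ /^[{]/) state = 0   # bare protocol
                    else if ($i ~ /[}]/)            state = 0   # end of { list }
                    else                            state = 2
                }
            }
            if (is_tcp && !has_flags) printf "%d: %s\n", NR, $0
        }
    ' "$@"
}

# Constructed sample in the style of a pf ruleset; not taken from a real system.
sample_rules() {
    cat <<'EOF'
# constructed sample rules
pass in quick on $WAN inet proto tcp from any to 192.0.2.10 port 80 flags S/SA keep state label "USER_RULE: web"
pass in quick on $WAN inet proto tcp from any to 192.0.2.10 port 443 keep state label "USER_RULE: NAT https flags test"
pass in quick on $WAN inet proto { tcp udp } from any to 192.0.2.10 port 53 keep state label "USER_RULE: NAT dns"
pass in quick on $WAN inet proto udp from any to 192.0.2.10 port 123 keep state label "USER_RULE: ntp"
block in log quick on $WAN inet proto tcp from any to any label "USER_RULE: drop"
EOF
}

sample_rules | tcp_pass_without_flags    # reports lines 3 and 4 of the sample
```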