Actions
Bug #2293
closedAssociated NAT rules for TCP missing flags
Start date:
03/14/2012
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
Description
TCP rules are supposed to get "flags S/SA" by default but for some reason associated filter rules for TCP port forwards do not.
Easy to reproduce, make a port forward for a TCP port with an associated rule and check /tmp/rules.debug - no flags.
Make a normal firewall rule for a TCP port, and it gets flags.
Updated by Jim Pingle almost 13 years ago
- Status changed from New to Feedback
Mostly mitigated by c3f01709d6d932f9f49f771ecd5f2652af05d5fe and the fact that pf apparently assumes flags S/SA when they're not specified.
Not sure why it was failing the test fixed in that commit, someone may want to test setting other advanced options on those rules and see if any of them actually work. (the ones that make sense to work anyhow)
Updated by Chris Buechler about 12 years ago
- Status changed from Feedback to Resolved
Actions