Bug #2363

closed

IPv6 default interface missing from firewall rule

Added by Johannes Ullrich about 12 years ago. Updated about 12 years ago.

Status: Resolved
Priority: Urgent
Assignee: -
Category: Rules / NAT
Target version:
Start date: 04/09/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1
Affected Architecture: All

Description

This is a bug introduced by yesterday's update. Worked fine before that. (2.1-DEVELOPMENT (amd64)
built on Sun Apr 8 21:08:28 EDT 2012
FreeBSD 8.3-RELEASE)

The IPv6 version of the "let out anything from firewall host itself" rule did not include an interface name.

I managed to get the rules to load after commenting out these two lines from /etc/inc/filter.inc (lines 2574 and 2575)

  # if (is_ipaddrv6($gwv6) && is_ipaddrv6($ifcfg['ipv6']))
  #     $ipfrules .= "pass out route-to ( {$stf} {$gwv6} ) inet6 from {$ifcfg['ipv6']}/$pdlen to !{$ifcfg['ipv6']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n";

Maybe the real fix is to use $ifcfg['ipv6'] vs. $stf? ($stf seems to be empty).

My host uses a statically configured "gif0" 6in4 interface, not an auto-configured 6to4 interface. I am marking this as "urgent" as it renders the firewall useless in my case.
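
A pre-load check for the failure described in this report, as an added example that is not part of the original ticket or of pfSense's code: it scans generated pf rule text for `route-to ( ... )` hosts whose interface name is missing, the condition the report attributes to an empty `$stf`. The function names and the sample rules (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import re

# Matches each parenthesised route-to host: "route-to ( <interface> <gateway> )".
ROUTE_TO_HOST = re.compile(r"\broute-to\s*\(([^)]*)\)")

# Constructed sample, modelled on the rule quoted in the report.
SAMPLE_RULES = """\
# let out anything from firewall host itself
pass out route-to ( gif0 2001:db8:1::1 ) inet6 from 2001:db8:2::1/64 to !2001:db8:2::1/64 keep state allow-opts label "let out anything from firewall host itself"
pass out route-to (  2001:db8:1::1 ) inet6 from 2001:db8:2::1/64 to !2001:db8:2::1/64 keep state allow-opts label "let out anything from firewall host itself"
pass out route-to ( em0 192.0.2.1 ) inet from 192.0.2.10 to !192.0.2.0/24 keep state allow-opts label "let out anything from firewall host itself"
"""


def _is_ip(token):
    """True when token parses as an IPv4/IPv6 address (prefix or scope allowed)."""
    try:
        ipaddress.ip_address(token.split("/")[0].split("%")[0])
        return True
    except ValueError:
        return False


def find_route_to_without_interface(ruleset):
    """Return (line_number, rule) pairs whose route-to host lacks an interface."""
    findings = []
    for number, line in enumerate(ruleset.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out rules are never loaded
        for match in ROUTE_TO_HOST.finditer(line):
            tokens = match.group(1).split()
            # The interface name comes first. An empty group, or a group that
            # starts with an address, means the interface expanded to "".
            if not tokens or _is_ip(tokens[0]):
                findings.append((number, line.strip()))
                break
    return findings


if __name__ == "__main__":
    for number, rule in find_route_to_without_interface(SAMPLE_RULES):
        print(f"line {number}: route-to without interface: {rule}")
```
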

Actions #1

Updated by Seth Mos about 12 years ago

  • Status changed from New to Feedback

Apologies for the breakage, I removed a piece of logic and didn't have the oversight to see what it would do.

It's restored.
https://github.com/bsdperimeter/pfsense/commit/6e5d84ba22f252019e634152ca1a87d1b3d6dd74

Actions #2

Updated by Johannes Ullrich about 12 years ago

Thanks. Just applied your patch manually to filter.inc, and it fixed the problem.

Actions #3

Updated by Seth Mos about 12 years ago

  • Status changed from Feedback to Resolved