Bug #2451
closedIPv6 rule: 'add network' becomes 'add single host'
100%
Description
I tried to add a reject rule for a range of IPv6 addresses:
"Reject TCP IPv6 to type network 2a00:1450:: CIDR /32"
After I have clicked 'save' it shows me the single alias. Not a network.
This is on 2.1-DEVELOPMENT (i386) built on Fri May 18 05:21:05 EDT 2012 FreeBSD 8.3-RELEASE-p1 NanoBSD.
Updated by Seth Mos over 12 years ago
can you include what ends up in the /tmp/rules.debug?
Updated by Charles Orus over 12 years ago
block return in quick on $WIRED inet6 from any to 2a00:1450:: label "USER_RULE: TmpReject YouTube"
Updated by Jim Pingle over 11 years ago
- Target version set to 2.1
This is probably due to an old check for the CIDR being /32 meaning single IP, but that test should not be applied on IPv6 IPs.
I can confirm it still happens on a current 2.1 snap.
Updated by Renato Botelho over 11 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset cb2b59b89b4d7fb6449c0f45d142302dd2029373.
Updated by Jim Pingle over 11 years ago
- Status changed from Feedback to New
- % Done changed from 100 to 50
It's partially fixed but not 100%
If I enter 2a00:1450:: in a firewall rule as a network with a mask of /32 (which is perfectly valid as a normal prefix length on IPv6), it does show 2a00:1450::/32 on the rule list now, but when you go back into the rule to edit again, the choice has moved from Network to Single Host or Alias.
Updated by Renato Botelho over 11 years ago
I couldn't reproduce it here. When I back to edit rule it's set as network and bitmask 32.
Updated by Jim Pingle over 11 years ago
OK it works correctly in the source box, but not the destination box.
Updated by Renato Botelho over 11 years ago
- Status changed from New to Feedback
- % Done changed from 50 to 100
Applied in changeset 965c3e23a60f25d263389bf02b685bb7f20f3915.
Updated by Tobias Wigand over 11 years ago
Maybe this change broke something, because I have created exactly the same rule on earlier snapshots without any problems:
Trying to add a Block rule for IPv6 ICMP traffic from "Single Host or Alias" fe80::1 always results in a Network Source with fe80::1/32 for me. I'm on the latest snapshot Fri Feb 15 15:43:49 EST 2013. Tried this with multiple browsers.
Updated by Renato Botelho over 11 years ago
- Status changed from New to Feedback
Applied in changeset 507aa90af48b14ffaab6664c708a3b03d723164c.
Updated by Tobias Wigand over 11 years ago
The latest change fixed my problem, thank you!
Updated by Renato Botelho over 11 years ago
- Status changed from Feedback to Resolved