Bug #2451: IPv6 rule: 'add network' becomes 'add single host' - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #2451

closed

IPv6 rule: 'add network' becomes 'add single host'

Added by Charles Orus over 12 years ago. Updated almost 12 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Renato Botelho

Category:

Rules / NAT

Target version:

2.1

Start date:

05/24/2012

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.1-IPv6

Affected Architecture:

i386

Description

I tried to add a reject rule for a range of IPv6 addresses:

"Reject TCP IPv6 to type network 2a00:1450:: CIDR /32"

After I have clicked 'save' it shows me the single alias. Not a network.

This is on 2.1-DEVELOPMENT (i386) built on Fri May 18 05:21:05 EDT 2012 FreeBSD 8.3-RELEASE-p1 NanoBSD.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Seth Mos over 12 years ago

can you include what ends up in the /tmp/rules.debug?

Actions

Copy link

Updated by Charles Orus over 12 years ago

block return in quick on $WIRED inet6 from any to 2a00:1450:: label "USER_RULE: TmpReject YouTube"

Actions

Copy link

Updated by Jim Pingle almost 12 years ago

Target version set to 2.1

This is probably due to an old check for the CIDR being /32 meaning single IP, but that test should not be applied on IPv6 IPs.
I can confirm it still happens on a current 2.1 snap.

Actions

Copy link

Updated by Renato Botelho almost 12 years ago

Assignee set to Renato Botelho

Actions

Copy link

Updated by Renato Botelho almost 12 years ago

Status changed from New to Feedback
% Done changed from 0 to 100

Applied in changeset cb2b59b89b4d7fb6449c0f45d142302dd2029373.

Actions

Copy link

Updated by Jim Pingle almost 12 years ago

Status changed from Feedback to New
% Done changed from 100 to 50

It's partially fixed but not 100%

If I enter 2a00:1450:: in a firewall rule as a network with a mask of /32 (which is perfectly valid as a normal prefix length on IPv6), it does show 2a00:1450::/32 on the rule list now, but when you go back into the rule to edit again, the choice has moved from Network to Single Host or Alias.

Actions

Copy link

Updated by Renato Botelho almost 12 years ago

I couldn't reproduce it here. When I back to edit rule it's set as network and bitmask 32.

Actions

Copy link

Updated by Jim Pingle almost 12 years ago

OK it works correctly in the source box, but not the destination box.

Actions

Copy link

Updated by Renato Botelho almost 12 years ago

Status changed from New to Feedback
% Done changed from 50 to 100

Applied in changeset 965c3e23a60f25d263389bf02b685bb7f20f3915.

Actions

Copy link

#10

Updated by Anonymous almost 12 years ago

Maybe this change broke something, because I have created exactly the same rule on earlier snapshots without any problems:
Trying to add a Block rule for IPv6 ICMP traffic from "Single Host or Alias" fe80::1 always results in a Network Source with fe80::1/32 for me. I'm on the latest snapshot Fri Feb 15 15:43:49 EST 2013. Tried this with multiple browsers.

Actions

Copy link

#11