Missing data validation for IPv4+IPv6 rule with IPv4 literal address
If you add a rule selected as "IPv4+IPv6", but the source or destination is an IPv4 literal, then it is accepted but the firewall ruleset breaks. "pfctl -sr" shows a completely empty ruleset. When you navigate to another page you do get a notification in the web browser:
There were error(s) loading the rules: /tmp/rules.debug:173: rule expands to no valid combination - The line in question reads : pass in quick on $WAN reply-to ( em0 fe80::xxxx:xxff:fexx:xxxx ) inet6 proto tcp from any to 192.0.2.1 flags S/SA keep state label USER_RULE: test]
How to reproduce: add rule for
TCP/IP version: IPv4+IPv6
Click "Apply changes", then after a few seconds click on the "pfsense" icon to go to dashboard to get the alert.
How this arose: I am moving towards IPv4+IPv6 for all rules, but in this case the host had only one address and I didn't bother to create a named alias for it. Instead I just entered its address directly into the rule.