Bug #3499
Missing data validation for IPv4+IPv6 rule with IPv4 literal address
Status: closed (100% done)
Description
If you add a rule selected as "IPv4+IPv6", but the source or destination is an IPv4 literal, then it is accepted but the firewall ruleset breaks. "pfctl -sr" shows a completely empty ruleset. When you navigate to another page you do get a notification in the web browser:
There were error(s) loading the rules: /tmp/rules.debug:173: rule expands to no valid combination - The line in question reads [173]: pass in quick on $WAN reply-to ( em0 fe80::xxxx:xxff:fexx:xxxx ) inet6 proto tcp from any to 192.0.2.1 flags S/SA keep state label USER_RULE: test]
How to reproduce: add a rule for
interface: WAN
TCP/IP version: IPv4+IPv6
protocol: TCP
source: any
destination: 192.0.2.1
Click "Apply changes", then after a few seconds click on the "pfsense" icon to go to the dashboard to get the alert.
How this arose: I am moving towards IPv4+IPv6 for all rules, but in this case the host had only one address and I didn't bother to create a named alias for it. Instead I just entered its address directly into the rule.
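The check the report describes as missing, written out as an added Python example (not pfSense's own code, which is PHP, and not part of the original report). The error line quoted above shows the `inet6` copy of an IPv4+IPv6 rule carrying the IPv4 destination 192.0.2.1, so the example models the rule as being emitted once per address family, reports which copy pf would reject with "rule expands to no valid combination", and runs the address-family validation the rule editor should apply before accepting the rule. The field names, the simplified rule template and the sample rule are constructed for this example.

```python
"""Address-family validation for a firewall rule, modelled on pfSense bug #3499.

An "IPv4+IPv6" rule (pf family keyword pair inet/inet6) is written out as
two pf rules, one per family. If either side of the rule is a literal
address, the copy for the other family has no valid combination and pfctl
rejects the whole ruleset. The editor should refuse such a rule up front.

Assumptions (constructed for the example, not pfSense internals): the rule
is represented by the strings ipprotocol ('inet', 'inet6', 'inet46'),
source and destination; anything that is not a parseable IP literal
('any', an alias name, a macro like $WAN) is treated as family-neutral.
"""
import ipaddress

# Address families each rule-editor setting is emitted for.
FAMILIES = {"inet": {4}, "inet6": {6}, "inet46": {4, 6}}
AF_KEYWORD = {4: "inet", 6: "inet6"}


def literal_family(addr):
    """4 or 6 for a literal host or network, None for 'any', aliases, macros."""
    try:
        return ipaddress.ip_network(addr, strict=False).version
    except ValueError:
        return None


def expand_rule(ipprotocol, source, destination, iface="$WAN", proto="tcp"):
    """Return (family, pf rule text) pairs, one per family the rule covers.
    Simplified template: no reply-to, flags or label."""
    return [
        (v, f"pass in quick on {iface} {AF_KEYWORD[v]} proto {proto} "
            f"from {source} to {destination}")
        for v in sorted(FAMILIES[ipprotocol])
    ]


def rules_with_no_valid_combination(ipprotocol, source, destination):
    """The emitted rules pf would reject: family keyword contradicts a literal."""
    literals = [literal_family(a) for a in (source, destination)]
    return [
        text
        for fam, text in expand_rule(ipprotocol, source, destination)
        if any(lit is not None and lit != fam for lit in literals)
    ]


def check_rule_families(ipprotocol, source, destination):
    """Validation to run before saving: every literal must match every
    family the rule is emitted for. Returns a list of error strings."""
    errors = []
    for side, addr in (("source", source), ("destination", destination)):
        fam = literal_family(addr)
        if fam is None:
            continue  # 'any', alias or macro: pf expands it per family
        for wanted in sorted(FAMILIES[ipprotocol]):
            if wanted != fam:
                errors.append(
                    f"{side} {addr} is an IPv{fam} literal but the rule is "
                    f"emitted as an {AF_KEYWORD[wanted]} rule; use an alias "
                    f"or an IPv{fam}-only rule"
                )
    return errors


if __name__ == "__main__":
    # The rule from the report: IPv4+IPv6, TCP, any -> 192.0.2.1 (constructed).
    rule = ("inet46", "any", "192.0.2.1")
    for _, text in expand_rule(*rule):
        print(text)
    print("rejected by pf:", rules_with_no_valid_combination(*rule))
    print("editor errors :", check_rule_families(*rule))
```

Running the block reproduces the situation in the report: the `inet` copy is fine, the `inet6` copy is the one that expands to no valid combination, and `check_rule_families` returns the error the editor should have shown instead of accepting the rule. Replacing the literal with an alias, or switching the rule to IPv4 only, makes both lists empty.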