Bug #3656
closed"LAN network" in v6 rules doesn't work when assigning link-local address to LAN
0%
Description
If you configure a link-local address on an interface, that interface's "network" subnet fails being looked up. For instance, go to Interfaces>LAN, configure it for static IPv6 fe80::1:1/64 for instance, add a v6 rule specifying "LAN subnet" as the source, and you end up with:
# at the break! label "USER_RULE: Default allow LAN IPv6 to any rule"
Updated by Chris Buechler over 10 years ago
note for others who happen upon this, this really isn't a valid config. But there isn't any reason it shouldn't work.
Updated by Chris Buechler about 10 years ago
- Status changed from New to Confirmed
still an issue on latest snapshot. the LAN rule in that scenario ends up as a comment with "at the break".
Updated by Chris Buechler almost 10 years ago
- Priority changed from Normal to Low
- Target version changed from 2.2 to 2.2.1
Updated by Chris Buechler almost 10 years ago
- Target version changed from 2.2.1 to 2.2.2
Updated by Paul K over 9 years ago
This also affects rules with "LAN Interface" not just "LAN Subnet" as source/destination. In order for the rules with "LAN Interface" to work get_interface_ipv6() would have to return link-local address, but that would most likely break quite a few other things. Since this is not really a valid config why not put validation on interface page that would prevent user from assigning fe80::/10 address.
Updated by Chris Buechler over 9 years ago
- Target version changed from 2.2.2 to 2.2.3
Updated by Chris Buechler over 9 years ago
- Target version changed from 2.2.3 to 2.3
Updated by Chris Buechler about 9 years ago
- Status changed from Confirmed to Resolved
- Assignee changed from Renato Botelho to Chris Buechler
Added input validation to work around this (and related issues Paul noted) since that's not a valid config anyway.
Put the wrong ticket # on the commit.
https://github.com/pfsense/pfsense/commit/352f808558feda0d3eecefbf150e47d88315a01c