Bug #3717
closed
Adding an IPv6 rule on an interface with IPv6 gateway does not add "reply-to" in the resulting rule - fix proposal attached
0%
Description
Hi,
I had problems with Multi-WAN and two IPv6 tunnelbrokers - incoming traffic would "work" only when coming through the interface, which had the "default gateway" checkbox ticked on its gateway under System: Gateways.
Some search in the forums brought me to the "reply-to" feature, and pfctl -sr showed the following rule:
pass in quick on gif0 inet6 proto ipv6-icmp from any to 2001:xxx:xxxx::/48 icmp6-type echoreq keep state label "USER_RULE: Allow ICMPv6 echo requests"
instead of:
pass in quick on gif0 reply-to (gif0 2001:xxx:xx:xx::1) inet6 proto ipv6-icmp from any to 2001:xxx:xxxx::/48 icmp6-type echoreq keep state label "USER_RULE: Allow ICMPv6 echo requests"
My search brought me to filter_generate_address in filter.inc, where the if-block responsible for the reply-to did check for an IPv4 gateway, but did not check for an IPv6 gateway.
I added the check for an IPv6 gateway, and all IPv6 rules on these interfaces had the "reply-to" added, and incoming traffic would also pass through the secondary gif interface successfully.
I would be happy if my fix proposal is helpful and would be included in some way in the next update release.
My version is 2.1.3-RELEASE (i386).
Regards,
Marc
Files
Updated by Chris Buechler almost 10 years ago
- Category set to Rules / NAT
- Target version set to 2.2
Updated by Renato Botelho almost 10 years ago
- Status changed from New to Resolved
It was already fixed in 93f1d233b27d9aa3347050b2e7138660a23e28f9