Project

General

Profile

Actions
Copy link

Bug #5424

closed

outbound state not created for TCP IPv6 traffic matching route-to rule

Added by Chris Buechler about 9 years ago. Updated almost 9 years ago.

Status:
Resolved
Priority:
High
Assignee:
Luiz Souza
Category:
Operating System
Target version:
2.3
Start date:
11/11/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3
Affected Architecture:

Description

IPv6 TCP traffic passed in by a rule specifying route-to on the ingress interface doesn't get a state created on the egress interface.

To replicate, just edit the default LAN rule for IPv6 and specify a gateway. All TCP traffic from LAN will stop working. The SYN leaves correctly, SYN ACK comes back and gets blocked because of the missing state.

Actions
Copy link
 #1

Updated by Luiz Souza almost 9 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

Fixed. There was a bug in FreeBSD that makes pf_test_rule() skip the state creation in this situation.

[[https://github.com/pfsense/FreeBSD-src/commit/7ed1aac3e1029b1f7ebe0d4153de5048f02db8c9]]

Actions
Copy link
 #2

Updated by Chris Buechler almost 9 years ago

  • Status changed from Feedback to Resolved

works

Actions
Copy link
 #3

Updated by Jim Pingle almost 9 years ago

Yep, definitely fixed. I upgraded my edge firewall and put my v6 policy routing back and it's all working again.

Actions
Copy link

Also available in: Atom PDF