Bug #5424
Closed
outbound state not created for TCP IPv6 traffic matching route-to rule
Start date: 11/11/2015
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3
Affected Architecture:
Description
IPv6 TCP traffic passed in by a rule specifying route-to on the ingress interface doesn't get a state created on the egress interface.
To replicate, just edit the default LAN rule for IPv6 and specify a gateway. All TCP traffic from LAN will stop working. The SYN leaves correctly, SYN ACK comes back and gets blocked because of the missing state.
Updated by Luiz Souza about 9 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Fixed. There was a bug in FreeBSD that makes pf_test_rule() skip the state creation in this situation.
https://github.com/pfsense/FreeBSD-src/commit/7ed1aac3e1029b1f7ebe0d4153de5048f02db8c9
Updated by Jim Pingle about 9 years ago
Yep, definitely fixed. I upgraded my edge firewall and put my v6 policy routing back and it's all working again.