Bug #598

closed

Need to block carp traffic to hosts self to avoid loops

Added by Scott Ullrich over 14 years ago. Updated about 13 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 05/14/2010
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

block in log quick proto carp from (self) to any

Without this change, if the firewall sees traffic for itself (ethernet loop) then it will cause the host to go to backup mode.

Actions #1

Updated by Jim Pingle over 14 years ago

  • Status changed from New to Resolved

The antispoof directive we already have on each interface should already prevent such looping, or any traffic from entering an interface that has a source address that belongs to the router itself.

Actions #2

Updated by Chris Buechler over 14 years ago

  • Status changed from Resolved to New

That's not the case, I think because of the state that sending the traffic creates (maybe). Otherwise VMware's looping multicast bug wouldn't flake out CARP and OSPF.

Actions #3

Updated by Scott Ullrich over 14 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #4

Updated by Chris Buechler over 14 years ago

  • Status changed from Feedback to Resolved

Actions #5

Updated by Michele Di Maria about 13 years ago

Hi,
this change is causing a lot of logs in the case there are two NICs on the same network segment. See http://forum.pfsense.org/index.php/topic,43102.0.html.
Is it necessary to log these events?
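An added example, not code from this tracker or from the pfSense project: a small Python script that scans pflog-style text lines for CARP advertisements whose source is one of the firewall's own addresses (what the `(self)` table in the rule above expands to), counts them per interface and VHID, and reports both the looped segments that produce the log volume discussed in this comment and any self-sourced advertisement that was passed rather than blocked. The simplified log line format, the sample lines and the address set are all assumptions constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in a simplified tcpdump/pflog text style (not real pfSense output).
SAMPLE_LOG = """\
rule 5/0(match): block in em0: 192.168.1.1 > 224.0.0.18: CARPv2-advertise vhid=1 advbase=1 advskew=0
rule 5/0(match): block in em0: 192.168.1.1 > 224.0.0.18: CARPv2-advertise vhid=1 advbase=1 advskew=0
rule 5/0(match): block in em0: 192.168.1.1 > 224.0.0.18: CARPv2-advertise vhid=1 advbase=1 advskew=0
rule 9/0(match): pass in em1: 192.168.1.1 > 224.0.0.18: CARPv2-advertise vhid=2 advbase=1 advskew=0
rule 9/0(match): pass in em0: 192.168.1.2 > 224.0.0.18: CARPv2-advertise vhid=1 advbase=1 advskew=100
"""

# Assumed: the addresses this firewall owns, i.e. what pf's (self) resolves to.
SELF_ADDRS = {"192.168.1.1"}

LINE_RE = re.compile(
    r"rule \d+/\d+\(match\): (?P<action>block|pass) in (?P<iface>\w+): "
    r"(?P<src>[\d.]+) > (?P<dst>[\d.]+): CARPv2-advertise vhid=(?P<vhid>\d+)"
)


def self_carp_hits(log_text, self_addrs):
    """Count inbound CARP advertisements sourced from our own addresses,
    keyed by (interface, vhid, pf action). Advertisements from the peer
    firewall (any other source) are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["src"] in self_addrs:
            counts[(m["iface"], int(m["vhid"]), m["action"])] += 1
    return counts


def report(counts, threshold=2):
    """Return two sorted lists of (interface, vhid):
    - looped: interfaces that received our own advertisement at least
      `threshold` times, the looped/duplicate-segment case that floods the log;
    - passed: self-sourced advertisements pf let in, meaning the block rule
      is absent or ordered after a pass rule and the host can flip to backup."""
    looped = sorted({(i, v) for (i, v, _), n in counts.items() if n >= threshold})
    passed = sorted({(i, v) for (i, v, a), n in counts.items() if a == "pass"})
    return looped, passed


if __name__ == "__main__":
    looped, passed = report(self_carp_hits(SAMPLE_LOG, SELF_ADDRS))
    print("looped segments:", looped)
    print("self-sourced CARP passed:", passed)
```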
