Bug #6297
rc.linkup doesn't trigger filter reload
Status: closed
Start date: 05/01/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:
Description
I've come across an odd bug. Interfaces that have IPv6 enabled (6rd on WAN, track WAN interface on internal interfaces) sometimes do not properly reload filters when an interface that is DOWN comes back UP. I'm attaching a text document of my system logs to help illustrate this issue.
Background Information:
I'm on ATT U-verse. I've configured my Residential Gateway to be in "bridge mode" and have configured my pfSense box to be the router. ATT uses 6rd for IPv6 connectivity (not sure how relevant that is, but I'm including it anyway.) I have configured my router like this:

pfSense
|-- WAN (xxx.xxx.xxx.xxx, 6rd IPv6 - 2602:300::/28)
|-- LAN (172.16.10.0/24, IPv6 disabled)
|-- OPT1 (172.16.11.0/24, Track interface WAN)
|-- OPT2 (172.16.11.0/24, Track interface WAN)
|-- OPT3 (172.16.11.0/24, IPv6 disabled)
|-- OPT4 (172.16.11.0/24, Track interface WAN)

In short, every interface is effectively its own subnet in RFC1918 space and has IPv6 enabled and tracks the WAN interface. Some interfaces only have one device connected to them, such as a personal desktop. LAN (172.16.10.1/24) and OPT3 (172.16.13.1/24) are IPv4 only. What you'll observe in the logs is that when OPT3 changes from DOWN to UP, I can see a filter reload occur in the system logs: "check_reload_status -> Reloading filter". However, when "opt1 with ipv6 address 2602:30X:XXXX:XXXX::1" changes from DOWN to UP, I don't see a filter reload occur. This causes all traffic on OPT1 to be blocked, regardless of what rules you have in place. If you go to "Status -> Filter Reload -> Reload", this resets the rules on OPT1 to what you have configured, allowing inbound/outbound traffic as per rules.
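
A log check for the symptom described in the report above, as an added example that is not part of the original ticket or pfSense's own code: it flags every link-up event that is not followed by a "Reloading filter" entry within a time window. The sample log is constructed, and the line layout, the hostname `fw`, the interface names `em1`/`em3` and the 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, not the reporter's attached log. The layout (BSD syslog
# timestamp, "link state changed to UP", "Reloading filter") is an assumption.
SAMPLE_LOG = """\
May  1 10:00:01 fw kernel: em3: link state changed to DOWN
May  1 10:00:05 fw kernel: em3: link state changed to UP
May  1 10:00:06 fw check_reload_status: Linkup starting em3
May  1 10:00:08 fw check_reload_status: Reloading filter
May  1 10:05:00 fw kernel: em1: link state changed to DOWN
May  1 10:05:04 fw kernel: em1: link state changed to UP
May  1 10:05:05 fw check_reload_status: Linkup starting em1
May  1 10:09:30 fw kernel: em3: link state changed to UP
May  1 10:09:33 fw check_reload_status: Reloading filter
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (.*)$")
LINK_UP = re.compile(r"(\w+): link state changed to UP")

def parse(log, year=2016):
    """Yield (timestamp, message) for each line matching the assumed layout."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def linkups_without_reload(log, window_s=30):
    """Return [(timestamp, ifname)] for link-up events with no reload in window_s."""
    events = list(parse(log))
    reloads = [ts for ts, msg in events if "Reloading filter" in msg]
    missing = []
    for ts, msg in events:
        m = LINK_UP.search(msg)
        if not m:
            continue
        deadline = ts + timedelta(seconds=window_s)
        # A reload counts only if it happens at or after the link-up event.
        if not any(ts <= r <= deadline for r in reloads):
            missing.append((ts, m.group(1)))
    return missing

if __name__ == "__main__":
    for ts, ifname in linkups_without_reload(SAMPLE_LOG):
        print(f"{ts:%b %d %H:%M:%S} {ifname}: link UP, no filter reload in window")
```

A reload triggered by an unrelated event inside the window hides a missed one, so a short window gives fewer false negatives on a busy firewall.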