pfSense

Network Prefix Translation rules that worked on 2.3.2 are causing a filter reload error on 2.4

Real addresses masked below.

GUI Config:
Firewall > NAT, NPt tab (/firewall_nat_npt.php)

• Disabled: Unchecked
• Interfaces: HENETV6
• Internal Prefix NOT: Unchecked
• Internal Prefix Address: 2001:db8:1:D000::/52
• Destination Prefix NOT: Unchecked
• Destination Prefix Address: 2001:xxxx:xxxx:D000::/52
• Description: Test Net 2

Log message produced:

Dec 5 13:54:48     php-fpm     23620     /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:137: syntax error - The line in question reads [137]: binat on $HENETV6 from any to 2001:xxxx:xxxx:D000::/52 -> 2001:db8:1:D000::/52

Lines for this NPt entry in /tmp/rules.debug (lines 136-137):

binat on $HENETV6 from 2001:db8:1:D000::/52 to any -> 2001:xxxx:xxxx:D000::/52
binat on $HENETV6 from any to 2001:xxxx:xxxx:D000::/52 -> 2001:db8:1:D000::/52

I'll push a commit to comment out the second line to prevent the filter reload error momentarily so that it does not negatively impact others until a fix is determined. It may be that the second line is no longer needed, but testing is required to confirm that yet.