Bug #6985
closed
NPt rules are causing a filter error on 2.4
100%
Description
Network Prefix Translation rules that worked on 2.3.2 are causing a filter reload error on 2.4
Real addresses masked below.
GUI Config: Firewall > NAT, NPt tab (/firewall_nat_npt.php)
- Disabled: Unchecked
- Interfaces: HENETV6
- Internal Prefix NOT: Unchecked
- Internal Prefix Address: 2001:db8:1:D000::/52
- Destination Prefix NOT: Unchecked
- Destination Prefix Address: 2001:xxxx:xxxx:D000::/52
- Description: Test Net 2
Log message produced:
Dec 5 13:54:48 php-fpm 23620 /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:137: syntax error - The line in question reads [137]: binat on $HENETV6 from any to 2001:xxxx:xxxx:D000::/52 -> 2001:db8:1:D000::/52
Lines for this NPt entry in /tmp/rules.debug (lines 136-137):
binat on $HENETV6 from 2001:db8:1:D000::/52 to any -> 2001:xxxx:xxxx:D000::/52
binat on $HENETV6 from any to 2001:xxxx:xxxx:D000::/52 -> 2001:db8:1:D000::/52
I'll push a commit to comment out the second line to prevent the filter reload error momentarily so that it does not negatively impact others until a fix is determined. It may be that the second line is no longer needed, but testing is required to confirm that yet.
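The triage step shown in the report above (take the file and line number from the filter reload alert, then read that line and its neighbours in the generated ruleset) can be scripted. The following is an added example, not part of the original report or of pfSense code; the function names, the `$WAN6` interface and the sample data are assumptions built from documentation prefixes.

```python
import re

# Shape of the alert quoted in the report:
#   "<rules file>:<line>: <error> - The line in question reads [<line>]: <rule>"
ALERT_RE = re.compile(
    r"loading the rules: (?P<path>\S+?):(?P<line>\d+): (?P<error>.+?) - "
    r"The line in question reads \[\d+\]: (?P<rule>.*)$"
)

def parse_reload_alert(log_line):
    """Return a dict with path, line, error and rule, or None if not an alert."""
    m = ALERT_RE.search(log_line.strip())
    if m is None:
        return None
    info = m.groupdict()
    info["line"] = int(info["line"])
    return info

def locate_rule(rules_text, info, context=1):
    """Return (still_matches, [(lineno, text)]) around the reported line.

    still_matches is False when the ruleset was regenerated after the alert
    and the reported line number no longer holds the quoted rule.
    """
    lines = rules_text.splitlines()
    n = info["line"]
    if not 1 <= n <= len(lines):
        return False, []
    first, last = max(1, n - context), min(len(lines), n + context)
    window = [(i, lines[i - 1]) for i in range(first, last + 1)]
    return lines[n - 1].strip() == info["rule"].strip(), window

# Constructed sample data: documentation prefixes, hypothetical $WAN6 interface.
SAMPLE_ALERT = (
    "Dec 5 13:54:48 php-fpm 23620 /rc.filter_configure_sync: New alert found: "
    "There were error(s) loading the rules: /tmp/rules.debug:3: syntax error - "
    "The line in question reads [3]: "
    "binat on $WAN6 from any to 2001:db8:2:d000::/52 -> 2001:db8:1:d000::/52"
)
SAMPLE_RULES = """# constructed NPt pair
binat on $WAN6 from 2001:db8:1:d000::/52 to any -> 2001:db8:2:d000::/52
binat on $WAN6 from any to 2001:db8:2:d000::/52 -> 2001:db8:1:d000::/52
pass in quick on $WAN6 inet6 all
"""

if __name__ == "__main__":
    info = parse_reload_alert(SAMPLE_ALERT)
    current, window = locate_rule(SAMPLE_RULES, info)
    print(info["path"], info["line"], info["error"], "current" if current else "stale")
    for lineno, text in window:
        print(("> " if lineno == info["line"] else "  ") + f"{lineno}: {text}")
```

A "stale" result means the ruleset has been rewritten since the alert was logged, so the line number in the alert should not be trusted without reproducing the reload error.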
Updated by Jim Pingle about 8 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset 9c8ce38b01fb59dbd474367f77e8de67655f0275.
Updated by Luiz Souza about 8 years ago
Fixed the parsing issue on pf (and reverted the workaround): https://github.com/pfsense/FreeBSD-src/commit/e4a708b0c1bb4ae70299820f97204a5b9b8fcd1e
Thanks for the debug info.
Updated by Jim Pingle about 8 years ago
- Status changed from Feedback to Resolved
Looks good on a current snapshot