Bug #7033

closed

Hidden rule breaks the policy routing

Added by Maxence Sartiaux over 7 years ago. Updated over 7 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
12/23/2016
Due date:
% Done:
0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.2
Affected Architecture:
All

Description

Hello

I found a hidden rule which breaks the policy routing.

The rules:
pass out route-to ( lagg0_vlan2000 192.168.0.5 ) from 192.168.0.10 to !192.168.0.0/24 tracker 1000008011 keep state allow-opts label "let out anything from firewall host itself"
pass out route-to ( lagg0_vlan2000 192.168.0.5 ) from 192.168.0.12 to !192.168.0.0/24 tracker 1000008012 keep state allow-opts label "let out anything from firewall host itself"

If I create a rule for routing specific traffic to another gateway (192.168.0.1) which is on the same subnet as my default gateway (192.168.0.5), the traffic will always be routed to my default gateway (192.168.0.5) because of this hidden rule.
If I create the rule to a gateway in another subnet (172.19.11.3 for example), the policy routing works well.

In this topic you can find more information about my setup and the bug.

https://forum.pfsense.org/index.php?topic=122206.0

Actually I don't understand the real purpose of this rule. Following the code, this hidden rule is not applied to "virtual" interfaces (openvpn/l2tp/ipsec interfaces); it is only applied for the firewall IP and the VIPs on the WAN side.

Thank you.
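As an added diagnostic (not part of this report or of pfSense itself), the Python below parses `pfctl -sr` style output for the hidden rules by their label and applies the condition the reporter observed: a policy-route gateway in the same subnet as the default gateway is shadowed, one in another subnet is not. The sample ruleset is constructed from the two rules quoted above plus one unrelated rule; the "shadowed" test encodes the report's observation, not a verified pf mechanism.

```python
import ipaddress
import re

# Constructed sample ruleset: the two auto-generated rules quoted in this
# report plus one unrelated rule, in the form `pfctl -sr` prints them.
SAMPLE_RULES = """\
pass out route-to ( lagg0_vlan2000 192.168.0.5 ) from 192.168.0.10 to !192.168.0.0/24 tracker 1000008011 keep state allow-opts label "let out anything from firewall host itself"
pass out route-to ( lagg0_vlan2000 192.168.0.5 ) from 192.168.0.12 to !192.168.0.0/24 tracker 1000008012 keep state allow-opts label "let out anything from firewall host itself"
pass in quick on lagg0_vlan2000 inet from any to any tracker 1000000101 keep state label "USER_RULE: allow lan"
"""

HOST_LABEL = "let out anything from firewall host itself"

# Matches only the `pass out route-to ( IFACE GW ) from SRC to !NET` shape
# of the hidden rules; every other rule line is ignored.
RULE_RE = re.compile(
    r'^pass out route-to \( (?P<iface>\S+) (?P<gw>\S+) \) '
    r'from (?P<src>\S+) to !(?P<net>\S+) tracker (?P<tracker>\d+) '
    r'.*label "(?P<label>[^"]*)"'
)


def parse_host_route_rules(ruleset):
    """Return the auto-generated firewall-host route-to rules as dicts."""
    rules = []
    for line in ruleset.splitlines():
        m = RULE_RE.match(line)
        if m and m.group("label") == HOST_LABEL:
            rules.append({
                "iface": m.group("iface"),
                "tracker": int(m.group("tracker")),
                "default_gw": ipaddress.ip_address(m.group("gw")),
                "src": ipaddress.ip_address(m.group("src")),
                "local_net": ipaddress.ip_network(m.group("net")),
            })
    return rules


def shadowing_trackers(rules, alt_gateway):
    """Tracker ids of hidden rules that, per this report, override a policy
    route to alt_gateway: those whose default gateway sits in the same
    subnet as alt_gateway (both inside the rule's negated network)."""
    alt = ipaddress.ip_address(alt_gateway)
    return [r["tracker"] for r in rules
            if alt in r["local_net"] and r["default_gw"] in r["local_net"]]


if __name__ == "__main__":
    rules = parse_host_route_rules(SAMPLE_RULES)
    for gw in ("192.168.0.1", "172.19.11.3"):
        print(gw, "shadowed by trackers:", shadowing_trackers(rules, gw))
```

Feed it real `pfctl -sr` output to list which auto-generated rules would need attention before relying on a same-subnet policy-route gateway.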


Files

2665af6955eeb7bb48c0472ca4926722.png (39.4 KB) - Maxence Sartiaux, 01/05/2017 07:20 AM