invalid rule written due to ipv6 ipalias being present
The following rule is generated due to a IPv6 alias being present, this is supposed to fill a array of vips6 , but adds a mode item for the vips array. This causes the empty rule..
pass out route-to ( em0 192.168.0.1 ) from to !/ tracker 1000017468 keep state allow-opts label "let out anything from firewall host itself"
#6 Updated by Eric Machabert about 1 year ago
After upgrade from 2.4.2_P1 to 2.4.3_P1, having a cluster configuration with a WAN interface holding an IPV4 CARP AND an IPV6 CARP the problem is back.
It looks like the code parsing the VIPs in filter.inc misunderstand the IPv6 CARP VIP as a ipV4 VIP so it enter the ipv4 loop and because " $gw = get_interface_gateway($ifdescr)" returns the IPV4 GW, then tries to generate the pass out rule on empty values...
I removed my IPV6 CARP on the WAN interface and there is no more problem.