https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162018-04-05T14:33:31ZpfSense bugtrackerpfSense - Bug #8408: invalid rule written due to ipv6 ipalias being presenthttps://redmine.pfsense.org/issues/8408?journal_id=362452018-04-05T14:33:31ZJim Pingle
<ul><li><strong>Assignee</strong> set to <i>Jim Pingle</i></li></ul><p>I was finally able to replicate this and confirm the fix, PR merged, thanks!</p> pfSense - Bug #8408: invalid rule written due to ipv6 ipalias being presenthttps://redmine.pfsense.org/issues/8408?journal_id=362462018-04-05T14:33:42ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li></ul> pfSense - Bug #8408: invalid rule written due to ipv6 ipalias being presenthttps://redmine.pfsense.org/issues/8408?journal_id=363022018-04-09T11:25:16ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>Problematic test cluster has no errors on a snapshot containing the fix. Looks good here.</p> pfSense - Bug #8408: invalid rule written due to ipv6 ipalias being presenthttps://redmine.pfsense.org/issues/8408?journal_id=364682018-05-03T13:21:44ZJim Pingle
<ul><li><strong>Target version</strong> changed from <i>2.4.4</i> to <i>2.4.3-p1</i></li></ul> pfSense - Bug #8408: invalid rule written due to ipv6 ipalias being presenthttps://redmine.pfsense.org/issues/8408?journal_id=365452018-05-16T02:55:33ZRudolf Mayerhofer
<ul></ul><p>I've started seeing this behaviour after upgrading the slave node of my cluster setup to 2.4.3_1 <br />Thankfully the primary node is still on 2.4.3 and working just fine</p>
<p>Unfortunately this is likely not fully fixed!</p> pfSense - Bug #8408: invalid rule written due to ipv6 ipalias being presenthttps://redmine.pfsense.org/issues/8408?journal_id=365462018-05-16T03:04:44ZEric Machabertemachabert@sqli.com
<ul></ul><p>After upgrade from 2.4.2_P1 to 2.4.3_P1, having a cluster configuration with a WAN interface holding an IPV4 CARP AND an IPV6 CARP the problem is back.</p>
<p>It looks like the code parsing the VIPs in filter.inc misunderstand the IPv6 CARP VIP as a ipV4 VIP so it enter the ipv4 loop and because " $gw = get_interface_gateway($ifdescr)" returns the IPV4 GW, then tries to generate the pass out rule on empty values...</p>
<p>I removed my IPV6 CARP on the WAN interface and there is no more problem.</p> pfSense - Bug #8408: invalid rule written due to ipv6 ipalias being presenthttps://redmine.pfsense.org/issues/8408?journal_id=365552018-05-16T11:41:48ZJim Pingle
<ul></ul><p>Anyone else hitting what they believe is this bug is probably hitting <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1 (Resolved)" href="https://redmine.pfsense.org/issues/8518">#8518</a> instead. Put comments there.</p>