https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288278
Bug ID: 288278
Summary: pf: rdr rules are not created for all address families (inet6 and inet) if no address family is given
Product: Base System
Version: 14.3-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]

Given e0 is an IPv4 and IPv6 capable interface, the pf rule

pass in on e0 proto tcp from any port 1234 to e0:0

properly creates the following two rules:

pass in on e0 inet proto tcp from any port = 1234 to [FIRST_V4ADDR_OF_e0] flags S/SA keep state
pass in on e0 inet6 proto tcp from any port = 1234 to [FIRST_V6ADDR_OF_e0] flags S/SA keep state

However, the rule

rdr on e0 proto tcp to port 4321 -> e0:0 port 80

creates only one rule:

rdr on e0 inet proto tcp from any to any port = 4321 -> [FIRST_V4ADDR_OF_e0] port 80

One has to explicitly specify inet6 to get the missing v6 rule, e.g.

rdr on e0 inet6 proto tcp to port 4321 -> e0:0 port 80

If no address family is given, rdr (didn't check nat) rules should generate rules for both AFs (if no other part of the rule restricts the AF to be used).
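
Added example, not part of the original report or of FreeBSD's code: a check over `pfctl -sn` output that flags rdr rules loaded for only one address family although nothing in their match part pins a family. The sample rules, the documentation addresses and the function name single_family_rdr are constructed for illustration, and each rule is assumed to have a single redirect target address.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `pfctl -sn` output (documentation addresses, not from the report).
SAMPLE = """\
rdr on e0 inet proto tcp from any to any port = 4321 -> 192.0.2.10 port 80
rdr on e0 inet proto tcp from any to any port = 8443 -> 192.0.2.10 port 443
rdr on e0 inet6 proto tcp from any to any port = 8443 -> 2001:db8::10 port 443
rdr on e0 inet proto tcp from any to 192.0.2.10 port = 2222 -> 192.0.2.20 port 22
"""

def _is_address(token):
    """True if the token is an IPv4/IPv6 address or prefix literal."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def single_family_rdr(pfctl_sn_output):
    """Return (normalized rule, missing family) for each rdr rule loaded for
    only one address family although its match part does not pin one."""
    seen = defaultdict(set)
    for line in pfctl_sn_output.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "rdr" or "->" not in tokens:
            continue
        families = {t for t in tokens if t in ("inet", "inet6")}
        if len(families) != 1:
            continue
        arrow = tokens.index("->")
        match_part = [t for t in tokens[:arrow] if t not in ("inet", "inet6")]
        # A literal address in from/to legitimately restricts the rule to one family.
        if any(_is_address(t) for t in match_part):
            continue
        # Drop the family keyword and the (single, assumed) redirect target address
        # so the inet and inet6 forms of one source rule share a key.
        key = " ".join(match_part + ["->", "<addr>"] + tokens[arrow + 2:])
        seen[key] |= families
    return sorted((key, ({"inet", "inet6"} - fams).pop())
                  for key, fams in seen.items() if len(fams) == 1)

if __name__ == "__main__":
    for rule, missing in single_family_rdr(SAMPLE):
        print(f"no {missing} counterpart: {rule}")
```

On a dual-stack interface, a rule reported here means traffic of the missing family is not redirected until an explicit inet or inet6 rule is added.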