pfSense version in use: 2.0.1-RELEASE (i386) built on Mon Dec 12 18:24:17 EST 2011 FreeBSD 8.1-RELEASE-p6
Problem description:

When creating a new NAT entry with Associated Filter Rule, the generated packet filter rule lacks the destination port, though it's present in the NAT entry. The redirection port is not explicitly specified. In case one explicitly specifies a redirection port, the filter rule contains the correct destination port.

Because pfSense creates rules without regard to existing ones, it is possible to have duplicate filter rules of the form:

    pass on $wan_if inet proto tcp from any to $some_host

Further, this behaviour thwarts the logic of Traffic Shaping as well. Since there's no destination port in the filter rule, one cannot create shaping rules based on this criterion, say, prioritise any traffic coming from $wan_if destined for web services.

Steps to reproduce:

Just create a new NAT entry with specified destination port and without redirection port and check the generated filter rule.

I pretty much know how to master this manually, but this is not the point here. I think this is a bug which needs to be corrected. The generated filter rule should have either the destination or redirection port inherited from the NAT entry, depending on what is present.

Do you agree? Please let me know if you need further details.

Yours,
Norman
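An added example, not part of the original message: a small audit that flags the two symptoms described above (tcp/udp pass rules with no destination port, and duplicate rules) in loaded ruleset text. It assumes expanded one-rule-per-line text such as `pfctl -sr` prints; the sample rules, interface name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample ruleset (documentation addresses, hypothetical interface em0).
SAMPLE_RULES = """\
pass in quick on em0 inet proto tcp from any to 192.0.2.10 port = 80 flags S/SA keep state
pass in quick on em0 inet proto tcp from any to 192.0.2.10 flags S/SA keep state
pass in quick on em0 inet proto tcp from any to 192.0.2.10 flags S/SA keep state
pass in quick on em0 inet proto udp from any to 192.0.2.20 port 5000:5010 keep state
block drop in log on em0 inet proto tcp from any to 192.0.2.30
pass in on em0 inet proto icmp from any to 192.0.2.10 keep state
"""

# Only pass rules for port-bearing protocols are of interest. "rest" is whatever
# follows the destination address; a destination port, if any, starts it.
RULE_RE = re.compile(
    r"^pass\b.*?\bproto\s+(?P<proto>tcp|udp)\b.*?"
    r"\bfrom\s+(?P<src>.+?)\s+to\s+(?P<dst>\S+)(?P<rest>.*)$"
)


def audit(rules_text):
    """Return (portless, duplicates).

    portless:   [(proto, destination)] for tcp/udp pass rules with no
                destination port, i.e. rules that expose every port on the host.
    duplicates: {rule_line: count} for rule lines loaded more than once.
    """
    # Normalise whitespace so identical rules compare equal.
    lines = [" ".join(l.split()) for l in rules_text.splitlines() if l.strip()]
    portless = []
    for line in dict.fromkeys(lines):  # unique lines, original order kept
        m = RULE_RE.match(line)
        # A source port ("from any port = 53 to ...") lands in "src", so only a
        # "port" token directly after the destination counts.
        if m and not re.match(r"\s+port\b", m.group("rest")):
            portless.append((m.group("proto"), m.group("dst")))
    duplicates = {l: n for l, n in Counter(lines).items() if n > 1}
    return portless, duplicates


if __name__ == "__main__":
    portless, duplicates = audit(SAMPLE_RULES)
    for proto, dst in portless:
        print(f"no destination port: pass {proto} to {dst}")
    for rule, count in duplicates.items():
        print(f"loaded {count}x: {rule}")
```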
