Menu

#269 [5.1.0.3599, PF] IPv6+v4 in one rule with negated source group only generates IPv4 code

open
nobody
None
5
2014-08-11
2014-08-11
Joerg Wunsch
No

When creating a rule that has "not group" as the source address, with "group"
only containing IPv4 addresses, but with both, IPv4 and IPv6 destination
networks, only code for IPv4 is created:

Tables: (1)

table <tbl.r0.s> { 10.1.1.1 , 10.2.2.2 } </tbl.r0.s>

Rule 0 (global)

pass log quick inet from ! <tbl.r0.s> to 192.168.1.1/24 keep state label "RULE 0 -- ACCEPT " </tbl.r0.s>

Rule fallback rule

fallback rule

block quick inet from any to any label "RULE 10000 -- DROP "

1 Attachments
test.fwb

Discussion

Log in to post a comment.

MongoDB Logo MongoDB