Netgate SG-1000 microFirewall

Author Topic: Rule matching with "WAN address" for IPv6 is broken?  (Read 2497 times)

0 Members and 1 Guest are viewing this topic.

Offline bkraptor

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +0/-0
    • View Profile
Rule matching with "WAN address" for IPv6 is broken?
« on: September 06, 2013, 08:40:18 am »
I have an inbound rule for IPv6 with destination selected as "WAN address" and protocol IPv6 from the drop-down lists. The traffic destined to the WAN IPv6 address is not matched by the rule and gets discarded by the default deny rule. When I replace the destination with "any", the traffic is not discarded any more.

2.1-RC2 (amd64)
built on Thu Sep 5 21:38:32 EDT 2013

IPv4 is PPPoE, IPv6 is via DHCPv6, with "Use IPv4 connectivity as parent interface" checked.

Another, possibly related, issue is that the IPv6 address is not listed under the WAN interface in Status -> Interfaces, nor in the text console menu, although it can be seen via ifconfig on the pppoe1 interface.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21619
  • Karma: +1484/-26
    • View Profile
Re: Rule matching with "WAN address" for IPv6 is broken?
« Reply #1 on: September 06, 2013, 12:02:42 pm »
Your last note may be correct there, if it can't determine the IP for that it may not know it for use in firewall rules.

I ran a test here with a static config and it does properly form the expected rule.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!