[Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 09 Sep 2024 17:38:34 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701

Gleb Smirnoff <glebius@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|Open                        |Closed

--- Comment #81 from Gleb Smirnoff <glebius@FreeBSD.org> ---
The first and original regression reported with this bug has been resolved and
fixed.  The original bug report

> replies to ping initiated from machines on networks behind pf firewall/NAT
> to anything outside the local networks get blocked (state violation),
> resulting in 'Request timed out'.

was fixed by 2da98eef1f35, 46c4fc50d301.

However, there are reports of more regressions remaining in the OPNsense fork,
that were not confirmed on FreeBSD, yet.  With the official policy of one bug
per bug report the FreeBSD core team is forcing this bug into closed state.

For any other bugs related or not to SA-24:05 we request submitters to create
separate bug reports.  We also recommend to provide at least reproduce recipes
or at most atf(7) automated test cases.  That would speed up bug resolving
immensely.

Finally, I'd like to remind that the project code of conduct applies not only
to the developers with a commit access, but to all participants in any
discussion in the project space:

https://www.freebsd.org/internal/code-of-conduct/

-- 
You are receiving this mail because:
You are the assignee for the bug.