I have an IPv6-enabled system, and noticed that the automatically generated rule 'let out anything from firewall host itself' is IPv4 only, and I couldn't find a similar rule for IPv6. Are more people seeing this?
Hello :)
This code in the legacy page is a bit wild in my opinion:
https://github.com/opnsense/core/blob/master/src/www/firewall_rules.php#L54-L68
So, yes, it's a bug but only a visual one. We will discuss what to do.
A ticket is appreciated so this won't be forgotten.
Cheers,
Franco
Thanks, ticket is here: https://github.com/opnsense/core/issues/9858 (https://github.com/opnsense/core/issues/9858)
Has this changed? The form as of 25.7.11 is:
pass out log all flags S/SA keep state allow-opts label "[label]"
No IP version specified. Edit: The GUI shows IP4+IPv6. Second edit: Bah! I see: In the Automation rules (again, 25.7.11). The default deny rule is a pair.
If you look at the code I referenced it mocks the IPvX display based on the source and destination of the rule in the legacy GUI when it's not there meaning both IP families. This is a wider issue than just this single rule. It may be better to avoid guessing and just display "*" if we don't explicitly know cut down the code.
Cheers,
Franco
Ad already committed something:
https://github.com/opnsense/core/commit/d348a53d03
and https://github.com/opnsense/core/commit/ab7e80abe1 on top