Automatic F/W rule installed for CARP, when CARP is admin disabled

Started by hharry, December 02, 2024, 11:37:55 PM

It seems an automatic IPv4 CARP rule is applied when CARP is administratively disabled.

Can this be tidied up, such that when CARP is admin disabled, the automatic rules are removed...


They do not open any attack vector, so why?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

The mere fact that the rule is installed, and enabled, when CARP is admin disabled is sloppy in itself... needs to be cleaned up....

It should be a simple trivial fix, so why do you need to debate a useless point?

Sorry, but I disagree. It's perfectly feasible to have a set of static "always active" rules that provide fundamental functions even if these are not used. Like IPv6 neighbour discovery, IPv4 ARP, ...

There are bigger fish to fry in the firewall space.

And this type of response is why OPNsense can never be taken as a serious F/W....

Nothing kills security faster than complexity. Fewer rules are always better. So I agree with hharry. If a feature is off, the rules shouldn't be there. This is the same reason why I would like to see the policy routing rule set by "Disable force gateway" be disabled by default or removed entirely.