From nobody Thu Jul 17 19:07:22 2025
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bjj961c7hz627L9
	for <bugs@mlmmj.nyi.freebsd.org>; Thu, 17 Jul 2025 19:07:22 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bjj956R5xz3JKZ
	for <bugs@FreeBSD.org>; Thu, 17 Jul 2025 19:07:21 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1752779241;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=CPH1auEkqsLLKSgFMPSEaHyzthM+ovjC2YE7hTZkrFY=;
	b=tdELPpwSoY1HclppcDXTszDyovpH7KLdKzc6ocE6fCL+PT4O5JKGPtWaolzb3N8r83p7On
	yjJ7WPVOS4TOPxkXXRLRJ60qL6tKghxn3qZU5ACL041vO+1d8IHAV7RAwdvWkHuNfclcVY
	HhRz1pMufv2fsydjefhtusqKHi25pXypOlQF0xeLqba5qdMr7kZIYLPVQXaZYdeYm43f5W
	fMjCOL7frnk0CFNPIarWlD/MzE8Rs1Yv6adHxCIjSJaGzNSubwyOeXrez769RoMwbjycDs
	64dcA8MCa6vACmSmJeJLd6Uvxoe+UrwoorJbBxAQC5al1rxVy/hqI6kDs846Ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1752779241;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=CPH1auEkqsLLKSgFMPSEaHyzthM+ovjC2YE7hTZkrFY=;
	b=NEc8L0XjWyW1B+3W361jfQ1z3wpB6fAtlO7anna3IBD3K8sKN4L47JVBP5u1w5cDk119ad
	+irA4ifAowGR9VNkl5iuThdTFOjoJWaWlAvyiueYxHaE+ruY3ZuyokxIAC8sWSOQx2s21l
	z/v7ylzI4DIW4PfTQVuC94BQ7qV6BZ+M31rZejW12/C3KcMe3ZQpsa6rdHNjVTjofeLDFR
	S97Xig6HUP29OzenevY6PMpyD5itDy07MT8IEPzuQ4EylZcj3RHtZpoa4Q0zFH2iKHQGuo
	5vQl7Nv1zxOQ793r/Pt8sIbbKT3+M8IwPKgDRJl2HcJ/X4OcFRfGJvOwAWB5Kg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1752779241; a=rsa-sha256; cv=none;
	b=x7lv9v1RfcVyYrLxYOeaq7NhH9UcZVVc2EppkBKsFkyGUGLExeCrPoqPOPheEmTuZgUwrC
	MOXv+FM3BS3prm0pTBZPzCo3OohnkGfhm0ut60GvcBG8H0wuEO6wYepc0+jlke9i/qvRNE
	o0hFlZje2uRefO4+ggnQwkJdcBLveIT+KwdfVIhrUzUnFtOs14ddkk6eibg+EH/AtSW0jg
	qHswejeRHr3rwsj6gtfbhzIAw6SrSqPUrHW5DYoFoDGfvJ/HHD0EpWYY6Du7Llz7hZGJ4H
	+ktCnmcGkt/Fl9wBz+pANDMO+ppToUwxBIaRRtsZRJF7Rd6FqRO/U7nk3uoYtQ==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bjj955wrkz176N
	for <bugs@FreeBSD.org>; Thu, 17 Jul 2025 19:07:21 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 56HJ7LeY065315
	for <bugs@FreeBSD.org>; Thu, 17 Jul 2025 19:07:21 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 56HJ7LHi065314
	for bugs@FreeBSD.org; Thu, 17 Jul 2025 19:07:21 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 288278] pf: rdr rules are not created for all address families
 (inet6 and inet) if no address family is given
Date: Thu, 17 Jul 2025 19:07:22 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 14.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: mail@fbsd2.e4m.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-288278-227@https.bugs.freebsd.org/bugzilla/>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D288278

            Bug ID: 288278
           Summary: pf: rdr rules are not created for all address families
                    (inet6 and inet) if no address family is given
           Product: Base System
           Version: 14.3-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: mail@fbsd2.e4m.org

Given e0 is an IPv4 and IPv6 capable interface, the pf rule

pass in on e0 proto tcp from any port 1234 to e0:0

properly creates the following two rules:

pass in on e0 inet proto tcp from any port =3D 1234 to [FIRST_V4ADDR_OF_e0]=
 flags
S/SA keep state
pass in on e0 inet6 proto tcp from any port =3D 1234 to [FIRST_V6ADDR_OF_e0]
flags S/SA keep state

However, the rule

rdr on e0 proto tcp to port 4321 -> e0:0 port 80

creates only one rule:

rdr on e0 inet proto tcp from any to any port =3D 4321 -> [FIRST_V4ADDR_OF_=
e0]
port 80

One has to explicitly specify inet6 to get the missing v6 rule, e.g.

rdr on e0 inet6 proto tcp to port 4321 -> e0:0 port 80

If no address family is given, rdr (didn't check nat) rules should generate
rules for both AFs (if no other part of the rule restricts the AF to be use=
d).

--=20
You are receiving this mail because:
You are the assignee for the bug.=