[Bug 289905] pf: Behavior change when using interface addresses
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 289905] pf: Behavior change when using interface addresses (as intf:0) in pf.conf on interfaces that have multiple address families configure"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 289905] pf: Behavior change when using interface addresses (as intf:0) in pf.conf on interfaces that have multiple address families configured"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 289905] pf: Behavior change when using interface addresses (as intf:0) in pf.conf on interfaces that have multiple address families configured"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 29 Sep 2025 16:12:54 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289905
Bug ID: 289905
Summary: pf: Behavior change when using interface addresses
Product: Base System
Version: 14.3-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: grembo@FreeBSD.org
Up until including 13.4-RELEASE, this line worked as expected (IPv4 NAT):
rdr on $ext_if proto tcp to $ext_if:0 port 443 -> 10.20.32.86
Starting with 13.5-RELEASE (and likewise on 14.3-RELEASE) the same line gives
this error:
/etc/pf.conf:25: no translation address with matching address family found.
Probably due to $ext_if also having an IPv6 address assigned.
So one is up for a nice surprise after updating the machine - pf is somehow
running, but not really (NAT rules weren't working properly at the very least).
Adding "inet" explicitly fixes the issue:
rdr on $ext_if inet proto tcp to $ext_if:0 port 443 -> 10.20.32.86
If this change is intentional, it would be good if it was mentioned in the
release notes. Ideally, it would be fixed so it just works as expected.
--
You are receiving this mail because:
You are the assignee for the bug.