Revisiting Bug #4326: Limiters on fw rules where NAT applies drop all traffic

  • I know that bug #4326 is marked fixed in pfSense 2.4. My question is, for 2.2.x / 2.3.x systems still in production, can someone tell me the specific circumstances where this bug "bites"? I read through the Redmine ticket but it's filled with 2 years of ambiguities and unconfirmed claims. All I know is that some combo of limiters + NAT breaks stuff badly.

    I have a 2.2.6 firewall that I think might be hitting this bug; that's why I'm asking. Thanks to anyone who can clarify.

  • Any time a limiter acts on traffic that also performs NAT on the same interface and direction.

    Things such as:

    • Port forward inbound on WAN + Limiter inbound on WAN
    • Limiter outbound on WAN (floating rule) + Outbound NAT
    • Limiter inbound on LAN + NAT redirect on LAN such as squid proxy transparent interception
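
A config audit for the first two combinations listed in the answer above, as an added example that is not part of the thread and not pfSense code. It assumes the exported config.xml uses `<filter><rule>` entries with `<dnpipe>`, `<floating>` and `<direction>`, `<nat><rule>` for port forwards and `<nat><outbound><mode>`, and that automatic or hybrid outbound NAT applies on the interfaces passed as the hypothetical `wan_ifs` parameter; transparent-proxy redirects are not covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not from a real firewall. Element names are the
# assumed pfSense config.xml layout described in the lead-in.
SAMPLE = """<pfsense>
 <nat>
  <outbound><mode>automatic</mode></outbound>
  <rule><interface>wan</interface><descr>web forward</descr></rule>
 </nat>
 <filter>
  <rule><interface>wan</interface><dnpipe>1</dnpipe><descr>limit web</descr></rule>
  <rule><floating>yes</floating><interface>wan</interface>
        <direction>out</direction><dnpipe>1</dnpipe><descr>shape upload</descr></rule>
  <rule><interface>lan</interface><dnpipe>1</dnpipe><descr>lan limiter</descr></rule>
  <rule><interface>wan</interface><descr>no limiter</descr></rule>
 </filter>
</pfsense>"""

def nat_points(root, wan_ifs=("wan",)):
    """Map (interface, direction) -> kind of NAT applied at that point."""
    points = {}
    for rule in root.findall("./nat/rule"):  # port forwards translate inbound
        if rule.find("disabled") is None:
            points[(rule.findtext("interface", "wan"), "in")] = "port forward"
    mode = root.findtext("./nat/outbound/mode", "automatic")
    if mode in ("automatic", "hybrid"):      # assumed: applies on wan_ifs
        for ifname in wan_ifs:
            points[(ifname, "out")] = "outbound NAT"
    if mode in ("hybrid", "advanced"):       # explicit outbound NAT rules
        for rule in root.findall("./nat/outbound/rule"):
            if rule.find("disabled") is None:
                points[(rule.findtext("interface", "wan"), "out")] = "outbound NAT"
    return points

def find_limiter_nat_overlaps(xml_text, wan_ifs=("wan",)):
    """Return (descr, interface, direction, nat kind) for each limiter rule
    that shares an interface and direction with NAT."""
    root = ET.fromstring(xml_text)
    nat = nat_points(root, wan_ifs)
    hits = []
    for rule in root.findall("./filter/rule"):
        if rule.find("disabled") is not None or not rule.findtext("dnpipe"):
            continue                         # disabled, or no limiter attached
        floating = rule.find("floating") is not None
        direction = rule.findtext("direction", "any") if floating else "in"
        dirs = ("in", "out") if direction == "any" else (direction,)
        for ifname in rule.findtext("interface", "").split(","):
            hits += [(rule.findtext("descr", ""), ifname, d, nat[(ifname, d)])
                     for d in dirs if (ifname, d) in nat]
    return hits
```

Calling `find_limiter_nat_overlaps()` on the text of an exported config returns one tuple per limiter rule to review on a 2.2.x or 2.3.x system.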

  • Thank you very much for that

