"LAN net" variable does not create firewall rules for Virtual IP / IP Alias
-
I checked the /tmp/rules.debug file and firewall rules are not being created for Virtual IP / IP Alias on the interface. The help for firewall at https://doc.pfsense.org/index.php/Firewall_Rule_Basics indicates that the LAN net variable "also includes IP alias networks on that interface". I am guessing that you are talking about Virtual IP, since this is the only place where I see an interface to be specified. Currently on version 2.3.3.
-
You may set IP aliases which belong to a network other than the one which is set in the interface settings. Such networks are included in the "<interface>net" variable. That's what is meant there.
Have you set up an IP alias in another network or just an IP alias in the same subnet?
-
Have you set up an IP alias in another network or just an IP alias in the same subnet?
This is for multiple addresses and netmasks on the same interface. Specifically for ULA: https://en.wikipedia.org/wiki/Unique_local_address
-
I did a bit more research and found the following. ULA addressing (RFC 4193) is used on IPv6 native networks only; on dual stack networks IPv4 is used. This is detailed in RFC 6724 due to the precedence of the ULA network. I have since removed any ULA config and will not worry about it until the time comes. I found this information from https://community.infoblox.com/t5/IPv6-Center-of-Excellence/The-headache-of-IPv6-readdressing-and-the-potential-for-ULA/ba-p/6279. I consider this problem as solved.
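
The RFC 6724 precedence mentioned in the last post, as an added example that is not part of the original thread: it looks up addresses in the RFC 6724 default policy table and orders candidate destinations by precedence. Only the table lookup and the Rule 6 precedence comparison are implemented; the function names are hypothetical and the addresses are constructed samples.

```python
import ipaddress

# Default policy table from RFC 6724 section 2.1: (prefix, precedence, label).
POLICY_TABLE = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("::ffff:0:0/96", 35, 4),   # IPv4-mapped: how IPv4 addresses are ranked
    ("2002::/16", 30, 2),
    ("2001::/32", 5, 5),
    ("fc00::/7", 3, 13),        # ULA (RFC 4193)
    ("::/96", 1, 3),
    ("fec0::/10", 1, 11),
    ("3ffe::/16", 1, 12),
]
_TABLE = [(ipaddress.IPv6Network(p), prec, label) for p, prec, label in POLICY_TABLE]


def to_ipv6(addr):
    """Return addr as an IPv6Address; IPv4 becomes IPv4-mapped (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip


def lookup(addr):
    """Longest-prefix match against the policy table -> (precedence, label)."""
    ip = to_ipv6(addr)
    matches = [row for row in _TABLE if ip in row[0]]  # ::/0 always matches
    best = max(matches, key=lambda row: row[0].prefixlen)
    return best[1], best[2]


def order_destinations(candidates):
    """Sort by descending precedence (Rule 6 only); ties keep input order."""
    return sorted(candidates, key=lambda a: -lookup(a)[0])


if __name__ == "__main__":
    # Constructed sample addresses: a ULA, an IPv4 address, a global IPv6 address.
    samples = ["fd12:3456:789a::10", "192.0.2.10", "2001:db8::10"]
    for a in samples:
        print(a, lookup(a))
    print(order_destinations(samples))
```

With only a ULA and an IPv4 candidate, the IPv4 address sorts first; a global IPv6 address sorts ahead of both.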