Possible bug: IPv6 lists create IPv4 rules



  • Apologies if this has already been covered somewhere else. I have noticed that the webConfigurator pfBlockerNG/IPv6 tab used in the "Deny Both" List Action mode creates a set of firewall rules with an incorrectly selected IPv4 Address Family protocol. Correcting this manually to IPv6 only works till the next update at which point the rule reverts back to IPv4. Unfortunately, that makes the rule unable to achieve its stated goals, as the associated IP alias contains IPv6 addresses—this rule will not be triggered for IPv6 traffic at all when it is configured for IPv4.

    As a workaround, one can just use the pfBlockerNG/IPv6 tab to create a Deny Alias and then create a set of rules manually.
    ![Screen Shot 2017-08-16.jpg](/public/imported_attachments/1/Screen Shot 2017-08-16.jpg)
    ![Screen Shot 2017-08-16.jpg_thumb](/public/imported_attachments/1/Screen Shot 2017-08-16.jpg_thumb)


  • Moderator

    Yes there is a bug with IPv6… You will have to use "alias type" rules for now, until the next release... Sorry...