IPv6 host table entries added as a full /32 subnet



  • I don't know how long this has been happening, but I just noticed it today, and it is still happening on the latest snapshot:

    2.1-BETA0 (amd64)
    built on Thu Jun 28 03:21:18 EDT 2012
    FreeBSD 8.3-RELEASE-p3

    I have lists of FQDN hostnames that I like to either block or allow in some fashion through pfSense.

    If the FQDN that I add has an AAAA record it is added to the list but as a /32 network, which is a whole lot of IP addresses in IPv6 but (of course) only one IP in IPv4.

    To test:

    in webconfigurator:

    go to Firewall --> Aliases

    under the IP tab, click the + icon to create a new IP alias list

    name the list and add a FQDN that contains at least one AAAA record.  I suggest www.google-analytics.com

    click the save button

    click the Apply Changes Button

    go to Diagnostics --> Tables

    find the newly created table and look at the bottom.  In my case the IPv6 alias is there as a /32:

    2607:f8b0::/32

    Another probably non-important issue with these tables is that when you delete an alias list from Firewall --> Aliases it doesn't get deleted (at least right away) from Diagnostics --> Tables



  • bump

    Does anyone else have the same problem?  This is kind of major for me as I can't even use a fully qualified domain name in a host alias list if it resolves to an IPv6 IP address.  If it does, it will add the IPv6 IP address to the aliases table as a /32 network.  This breaks the whole concept of FQDN hosts in an alias table…

    I have looked through the code to see if I could find where the /32 is being added in the case where a FQDN host is entered.

    It may be in one of these files but I may be wrong ;-) :

    /usr/local/www/javascript/jquery.ipv4v6ify.js:

    I am not a javascripter so I may be completely wrong, but this seems to leave out the case of is_ipv6

    /usr/local/www/guiconfig.inc:

    function address_to_pconfig has no case for a /128 and falls through to a /32:

    if (!$pmask)
        $pmask = 32;
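
Added example (not part of the thread and not pfSense code): a PHP sketch of the fall-through described in the post above, next to a default that is chosen by address family. The function names and the sample addresses (taken from the documentation ranges) are assumptions made for illustration.

```php
<?php
// Illustration only. Function names are hypothetical, not pfSense's.

// Single-host prefix length for an address: 32 (IPv4), 128 (IPv6), null if invalid.
function host_mask_for(string $addr): ?int {
    if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return 32;
    }
    if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
        return 128;
    }
    return null;
}

// The default described in the post: a missing mask becomes 32 for every family.
// For IPv6 that leaves 96 host bits, so the entry is a network, not one host.
function entry_fallthrough(string $addr, ?int $pmask = null): string {
    if (!$pmask) {
        $pmask = 32;
    }
    return "{$addr}/{$pmask}";
}

// Family-aware default: a missing mask means "this one host".
function entry_family_aware(string $addr, ?int $pmask = null): string {
    $host = host_mask_for($addr);
    if ($host === null) {
        throw new InvalidArgumentException("not an IP address: {$addr}");
    }
    if ($pmask === null) {
        $pmask = $host;
    }
    if ($pmask < 0 || $pmask > $host) {
        throw new InvalidArgumentException("mask /{$pmask} out of range for {$addr}");
    }
    return "{$addr}/{$pmask}";
}

// Constructed sample addresses from the documentation ranges.
foreach (['192.0.2.10', '2001:db8::10'] as $addr) {
    printf("%-14s fall-through: %-18s family-aware: %s\n",
        $addr, entry_fallthrough($addr), entry_family_aware($addr));
}
```

When auditing a block or allow list built from FQDN aliases, any IPv6 entry in Diagnostics --> Tables with a prefix shorter than /128 that was entered as a single host is worth checking against this behaviour.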
    
    
