Hello everyone,
I’ve encountered a traffic forwarding issue after upgrading from 1.4-rolling-202312140922 to 1.5-stream-2025-Q1.
The issue appears to affect certain types of traffic — most likely asymmetric flows within my distributed VPN setup. Even ICMP traffic is impacted: I can see it arriving on the inbound interface via tcpdump, but it doesn’t leave through the outbound interface, despite being correctly routed according to the routing table.
I found a related discussion here: Have to delete firewall global-options state-policy invalid after upgrading to 1.5-stream-2025-Q1 - #8 by Viacheslav, but modifying line 89 didn’t resolve the issue. I also verified that rp_filter is set to 0 on all interfaces.
Could someone please advise what else I should check? What might have changed or broken during the migration to 1.5?
I also noticed that the counter in nftables for my icmp echo-reply rule did not increase, which suggests that the traffic is being dropped earlier:
icmp type echo-reply counter packets 1 bytes 84 accept comment "ipv4-NAM-main-900"
Thank you in advance!