Skip to content

Flashstart bypass: bypassed IPs still redirected to catch-all DNS rule #1393

New issue
New issue
Closed
Bug
#1405
Closed
Flashstart bypass: bypassed IPs still redirected to catch-all DNS rule#1393
Bug
#1405
Labels
verifiedAll test cases were verified successfully
Milestone
NethSecurity 8.8
@Tbaile

Description

@Tbaile
Tbaile
opened on Oct 8, 2025

Steps to reproduce

  • Add hosts to the IPSet for Flashstart bypass.
  • Enable Flashstart ProPlus
  • Observe that DNS requests from these hosts are still redirected to port 53 of the firewall, not bypassed

Expected behavior

  • Hosts in the Flashstart bypass IPSet should bypass DNS filtering and send DNS queries freely without being caught by the catch-all rule

Actual behavior

  • DNS traffic from hosts in the bypass IPSet is still being redirected to the firewall, not bypassed.
  • Catch-all rule incorrectly applies to bypassed IPs, especially after updates or profile changes.
  • Manual workaround is required to restore intended behavior after rules are lost.

Components

  • ns-flashstart 1.0.2

See also

Metadata

Metadata

Assignees

No one assigned

    Labels

    verifiedAll test cases were verified successfully

    Type

    Bug

    Projects

    NethSecurity

    Status

    Done ✅

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions