Bug ID 447091: Unable to delete packet filters with order values greater than 32767

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.5.1 HF1, 11.6.1 HF1, 11.5.1 HF2, 11.6.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.6.2 HF1, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.6.0, 11.5.1 HF5, 11.5.0 HF1, 11.4.1 HF4, 11.3.0 HF9, 11.2.1 HF11, 10.2.4 HF8

Opened: Feb 03, 2014

Severity: 3-Major

Related Article: K15601

Symptoms

When a packet filter is created with an order greater than 32767, attempts to delete this filter will fail. Error messages can be seen in /var/log/tmm* when a packet filter object is deleted (or possibly created).

Impact

Unknown (inexplicable) impact on traffic:
- Packet filters that have been deleted may continue to exist in TMM
- Older versions of rules (that have been deleted/recreated) may continue to be applied to traffic

Conditions

Packet filter rules with an order between 32768 and 65535 (inclusive).

Workaround

- To prevent this condition from occurring in the first place, restrict packet filter 'order' to 1-32767 (inclusive).
- To remove the phantom/incorrect packet filter rules from the packet path (TMM), restart TMM ("bigstart restart tmm", which may need to run on each blade of a chassis system).
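
One way to check a configuration listing for filters that meet the Conditions above, as an added example that is not F5 code. It assumes packet filters are listed as `net packet-filter <name> { ... order <n> ... }` stanzas saved to a text file; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not F5 code). Assumption: packet filters appear as
# stanzas of the form
#     net packet-filter <name> {
#         order <n>
#         ...
#     }
# e.g. a configuration listing saved into a text file.

# Print "<name> <order>" for each filter whose order falls in the range
# the bug report gives under Conditions: 32768-65535 inclusive.
# Reads the files given as arguments, or stdin when there are none.
find_affected_filters() {
    awk '
        $1 == "net" && $2 == "packet-filter" { name = $3; next }
        name != "" && $1 == "order" {
            if ($2 + 0 >= 32768 && $2 + 0 <= 65535) print name, $2
            next
        }
        $1 == "}" { name = "" }
    ' "$@"
}

# Constructed sample input covering both boundaries of the range.
sample_config() {
    cat <<'EOF'
net packet-filter pf_ssh {
    action accept
    order 5
    rule "( proto TCP ) and ( dst port 22 )"
}
net packet-filter pf_last_safe {
    action discard
    order 32767
}
net packet-filter pf_edge_low {
    action discard
    order 32768
}
net packet-filter pf_edge_high {
    action reject
    order 65535
}
EOF
}

sample_config | find_affected_filters
```

Filters reported here are the ones to re-create with an order of 1-32767; entries already stuck in TMM still need the restart described in the workaround.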

Fix Information

Ensured that packet filters with orders greater than 32767 are able to be deleted.

Behavior Change
