diff options
| author | ume <ume@FreeBSD.org> | 2005-10-05 07:00:42 +0000 |
|---|---|---|
| committer | ume <ume@FreeBSD.org> | 2005-10-05 07:00:42 +0000 |
| commit | a358b1f631f4f2d790b8e98b419e92c9090ad6dd (patch) | |
| tree | 229a8479c8176e65479a94d437c6f9ec781626ff | |
| parent | 92481f8cb00422ae7de0a8693c3c7efed6ee221b (diff) | |
| download | FreeBSD-src-a358b1f631f4f2d790b8e98b419e92c9090ad6dd.zip FreeBSD-src-a358b1f631f4f2d790b8e98b419e92c9090ad6dd.tar.gz | |
stop RFC 4193 address on the outside interface.
MFC after: 1 day
| -rw-r--r-- | etc/rc.firewall6 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/rc.firewall6 b/etc/rc.firewall6 index 289b7dc..c14a09a 100644 --- a/etc/rc.firewall6 +++ b/etc/rc.firewall6 @@ -188,6 +188,10 @@ case ${ipv6_firewall_type} in ${fw6cmd} add deny all from ${inet}/${iprefixlen} to any in via ${oif} ${fw6cmd} add deny all from ${onet}/${oprefixlen} to any in via ${iif} + # Stop unique local unicast address on the outside interface + ${fw6cmd} add deny all from fc00::/7 to any via ${oif} + ${fw6cmd} add deny all from any to fc00::/7 via ${oif} + # Stop site-local on the outside interface ${fw6cmd} add deny all from fec0::/10 to any via ${oif} ${fw6cmd} add deny all from any to fec0::/10 via ${oif} |
