diff options
author | ume <ume@FreeBSD.org> | 2010-01-07 17:46:25 +0000 |
---|---|---|
committer | ume <ume@FreeBSD.org> | 2010-01-07 17:46:25 +0000 |
commit | 41f06dea81abb813f660ca1a0e62636d2549cacd (patch) | |
tree | ebbd52125b1d415f4b67e3d127eb9bb462b1cc13 /etc | |
parent | 8c9e26004955ef5a1a8c11be009cfd43d511e975 (diff) | |
download | FreeBSD-src-41f06dea81abb813f660ca1a0e62636d2549cacd.zip FreeBSD-src-41f06dea81abb813f660ca1a0e62636d2549cacd.tar.gz |
Since the IPv4 rule allows ICMP_TIMXCEED, allow
ICMP6_TIME_EXCEEDED as well for workstation type
firewall. It makes traceroute6 work.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/rc.firewall | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/rc.firewall b/etc/rc.firewall index 639f559..9d29f29 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -505,7 +505,10 @@ case ${firewall_type} in # Allow "mandatory" ICMP in. ${fwcmd} add pass icmp from any to any icmptype 3,4,11 - + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3 + fi + # Add permits for this workstations published services below # Only IPs and nets in firewall_allowservices is allowed in. # If you really wish to let anyone use services on your |