diff options
| author | Chris Buechler <cmb@pfsense.org> | 2013-03-12 01:48:56 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2013-03-12 01:48:56 -0500 |
| commit | ac135e422b704e6e778b3cd9614da93c2349a851 (patch) | |
| tree | b1b69f7117a892183bc4ac0d8bb76cb76da4796b | |
| parent | e92e83d4e2e3465bca9ca6d3cc4f746ef6566476 (diff) | |
| download | pfsense-ac135e422b704e6e778b3cd9614da93c2349a851.zip pfsense-ac135e422b704e6e778b3cd9614da93c2349a851.tar.gz | |
use logging on the block all v6 rules if default is log
| -rw-r--r-- | etc/inc/filter.inc | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index b88e139..70aef9f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2409,12 +2409,6 @@ function filter_rules_generate() { $mt = microtime(); echo "filter_rules_generate() being called $mt\n"; } - - if(!isset($config['system']['ipv6allow'])) { - $ipfrules .= "# Block all IPv6\n"; - $ipfrules .= "block in inet6 all label \"Block all IPv6\"\n"; - $ipfrules .= "block out inet6 all label \"Block all IPv6\"\n"; - } $pptpdcfg = $config['pptpd']; @@ -2433,6 +2427,13 @@ function filter_rules_generate() { $log = "log"; else $log = ""; + + if(!isset($config['system']['ipv6allow'])) { + $ipfrules .= "# Block all IPv6\n"; + $ipfrules .= "block in {$log} quick inet6 all label \"Block all IPv6\"\n"; + $ipfrules .= "block out {$log} quick inet6 all label \"Block all IPv6\"\n"; + } + $ipfrules .= <<<EOD #--------------------------------------------------------------------------- # default deny rules |
