diff options
author | smos <seth.mos@dds.nl> | 2012-04-09 14:14:12 +0200 |
---|---|---|
committer | smos <seth.mos@dds.nl> | 2012-04-09 14:14:12 +0200 |
commit | 6e5d84ba22f252019e634152ca1a87d1b3d6dd74 (patch) | |
tree | 7f51e855250089cd3bc18dae65e7ba180aec438b | |
parent | c616b3c73e6432aad71c22e75cc8a03e533169ca (diff) | |
download | pfsense-6e5d84ba22f252019e634152ca1a87d1b3d6dd74.zip pfsense-6e5d84ba22f252019e634152ca1a87d1b3d6dd74.tar.gz |
Restore this piece of logic, otherwise the firewall rules break.
-rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d8a4dce..806cbc8 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2570,7 +2570,17 @@ EOD; $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n"; $gwv6 = get_interface_gateway_v6($ifdescr); - $pdlen = 64 - calculate_ipv6_delegation_length($ifdescr); + switch($ifcfg['type6']) { + case "6rd": + case "6to4": + $stf = stf0; + $pdlen = 64 - calculate_ipv6_delegation_length($ifdescr); + break; + default: + $stf = $ifcfg['if']; + $pdlen = 64 - calculate_ipv6_delegation_length($ifdescr); + break; + } if (is_ipaddrv6($gwv6) && is_ipaddrv6($ifcfg['ipv6'])) $ipfrules .= "pass out route-to ( {$stf} {$gwv6} ) inet6 from {$ifcfg['ipv6']}/$pdlen to !{$ifcfg['ipv6']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n"; } |