Ticket #2412. Also allow ipv6 traffic to flow on the stf interface

1 files changed, 4 insertions, 0 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index c891200..dbca698 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2658,6 +2658,8 @@ EOD;
 # allow our proto 41 traffic from the 6RD border relay in
 pass in on \${$oc['descr']} proto 41 from {$config['interfaces'][$on]['gateway-6rd']} to any label "Allow 6in4 traffic in for 6rd on {$oc['descr']}"
 pass out on \${$oc['descr']} proto 41 from any to {$config['interfaces'][$on]['gateway-6rd']} label "Allow 6in4 traffic out for 6rd on {$oc['descr']}"
+pass in on \${$oc['descr']} inet6 from any to {$oc['ipv6']}/{$oc['snv6']} label "Allow 6rd traffic in for 6rd on {$oc['descr']}"
+pass out on \${$oc['descr']} inet6 from {$oc['ipv6']}/{$oc['snv6']} to any label "Allow 6rd traffic out for 6rd on {$oc['descr']}"
 
 EOD;
 			break;
@@ -2666,7 +2668,9 @@ EOD;
 
 # allow our proto 41 traffic from the 6to4 border relay in
 pass in on \${$oc['descr']} proto 41 from any to {$oc['ip']} label "Allow 6in4 traffic in for 6to4 on {$oc['descr']}"
+pass in on \${$oc['descr']} inet6 from any to {$oc['ipv6']}/{$oc['snv6']} label "Allow 6in4 traffic in for 6to4 on {$oc['descr']}"
 pass out on \${$oc['descr']} proto 41 from {$oc['ip']} to any label "Allow 6in4 traffic out for 6to4 on {$oc['descr']}"
+pass out on \${$oc['descr']} inet6 from {$oc['ipv6']}/{$oc['snv6']} to any label "Allow 6in4 traffic out for 6to4 on {$oc['descr']}"
 
 EOD;
 			break;