diff options
| author | Ermal <eri@pfsense.org> | 2013-01-30 10:37:49 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2013-01-30 10:37:49 +0000 |
| commit | 8dd9f19a79773c997778707d0b66b8b45f725643 (patch) | |
| tree | 20c4085ba5048c3c380e82ad2c7e9719f2a0e709 | |
| parent | a6bc492fecd64a3a9f3b4cc4a003d6761494a694 (diff) | |
| download | pfsense-8dd9f19a79773c997778707d0b66b8b45f725643.zip pfsense-8dd9f19a79773c997778707d0b66b8b45f725643.tar.gz | |
Ticket #2412 6to4 can come from any source. Also tighten rule that reply comes only to the dedicated interface for this rather than any other interface
| -rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 883b737..c891200 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2665,8 +2665,8 @@ EOD; $ipfrules .= <<<EOD # allow our proto 41 traffic from the 6to4 border relay in -pass in on \${$oc['descr']} proto 41 from 192.88.99.1 to (self) label "Allow 6in4 traffic in for 6to4 on {$oc['descr']}" -pass out on \${$oc['descr']} proto 41 from (self) to 192.88.99.1 label "Allow 6in4 traffic out for 6to4 on {$oc['descr']}" +pass in on \${$oc['descr']} proto 41 from any to {$oc['ip']} label "Allow 6in4 traffic in for 6to4 on {$oc['descr']}" +pass out on \${$oc['descr']} proto 41 from {$oc['ip']} to any label "Allow 6in4 traffic out for 6to4 on {$oc['descr']}" EOD; break; |
