diff options
author | smos <seth.mos@dds.nl> | 2012-04-02 14:29:33 +0200 |
---|---|---|
committer | smos <seth.mos@dds.nl> | 2012-04-02 14:29:33 +0200 |
commit | a94f97b572ae9a4144e519c1dd550de899ddbc9b (patch) | |
tree | edb6ed0d351d636e8c51c0445be28134b12560b9 | |
parent | 73778c3f3abb4a7fe3fcf4e9b99f7dad0ac3e5c4 (diff) | |
download | pfsense-a94f97b572ae9a4144e519c1dd550de899ddbc9b.zip pfsense-a94f97b572ae9a4144e519c1dd550de899ddbc9b.tar.gz |
Add quick to the DHCP6 client and server rules
-rw-r--r-- | etc/inc/filter.inc | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 8bf421c..c032ca7 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2491,9 +2491,9 @@ EOD; $ipfrules .= <<<EOD # allow our DHCPv6 client out to the {$oc['descr']} -pass in on \${$oc['descr']} proto udp from fe80::/10 port = 546 to fe80::/10 port = 546 label "allow dhcpv6 client in {$oc['descr']}" -pass in on \${$oc['descr']} proto udp from any port = 547 to any port = 546 label "allow dhcpv6 client in {$oc['descr']}" -pass out on \${$oc['descr']} proto udp from any port = 546 to any port = 547 label "allow dhcpv6 client out {$oc['descr']}" +pass in quick on \${$oc['descr']} proto udp from fe80::/10 port = 546 to fe80::/10 port = 546 label "allow dhcpv6 client in {$oc['descr']}" +pass in quick on \${$oc['descr']} proto udp from any port = 547 to any port = 546 label "allow dhcpv6 client in {$oc['descr']}" +pass out quick on \${$oc['descr']} proto udp from any port = 546 to any port = 547 label "allow dhcpv6 client out {$oc['descr']}" EOD; break; @@ -2522,12 +2522,12 @@ EOD; # allow access to DHCPv6 server on {$oc['descr']} anchor "dhcpv6server{$oc['descr']}" # We need inet6 icmp for stateless autoconfig and dhcpv6 -pass log on \${$oc['descr']} inet6 proto udp from fe80::/10 to fe80::/10 port = 546 label "allow access to DHCPv6 server" -pass log on \${$oc['descr']} inet6 proto udp from fe80::/10 to ff02::/16 port = 546 label "allow access to DHCPv6 server" -pass log on \${$oc['descr']} inet6 proto udp from fe80::/10 to ff02::/16 port = 547 label "allow access to DHCPv6 server" -pass log on \${$oc['descr']} inet6 proto udp from ff02::/16 to fe80::/10 port = 547 label "allow access to DHCPv6 server" -pass in on \${$oc['descr']} inet6 proto udp from fe80::/10 to {$oc['ipv6']} port = 546 label "allow access to DHCPv6 server" -pass out on \${$oc['descr']} inet6 proto udp from {$oc['ipv6']} port = 547 to fe80::/10 label "allow access to DHCPv6 server" +pass quick on \${$oc['descr']} inet6 proto udp from fe80::/10 to fe80::/10 port = 546 label "allow access to DHCPv6 server" +pass quick on \${$oc['descr']} inet6 proto udp from fe80::/10 to ff02::/16 port = 546 label "allow access to DHCPv6 server" +pass quick on \${$oc['descr']} inet6 proto udp from fe80::/10 to ff02::/16 port = 547 label "allow access to DHCPv6 server" +pass quick on \${$oc['descr']} inet6 proto udp from ff02::/16 to fe80::/10 port = 547 label "allow access to DHCPv6 server" +pass in quick on \${$oc['descr']} inet6 proto udp from fe80::/10 to {$oc['ipv6']} port = 546 label "allow access to DHCPv6 server" +pass out quick on \${$oc['descr']} inet6 proto udp from {$oc['ipv6']} port = 547 to fe80::/10 label "allow access to DHCPv6 server" EOD; } |