diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-09-14 19:01:08 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-09-14 19:01:08 -0500 |
commit | 32cf6a0c1c9ceb726e245343816342d173bb06d7 (patch) | |
tree | 9c3a11c7740acfc623b0e3b4ba0576a2cf69921e | |
parent | 9fb19cab962fd97fa19054c1f5cf0246a08e2978 (diff) | |
download | pfsense-32cf6a0c1c9ceb726e245343816342d173bb06d7.zip pfsense-32cf6a0c1c9ceb726e245343816342d173bb06d7.tar.gz |
Only add 6rd rules if there is an IPv4 IP defined for the gateway,
otherwise ruleset ends up invalid. Ticket #4935
-rw-r--r-- | etc/inc/filter.inc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index cfb40c9..69dab1a 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -3128,12 +3128,15 @@ EOD; $tracker = $saved_tracker; switch($oc['type6']) { case "6rd": - $ipfrules .= <<<EOD + if (is_ipaddrv4($config['interfaces'][$on]['gateway-6rd'])) { + $ipfrules .= <<<EOD # allow our proto 41 traffic from the 6RD border relay in pass in {$log['pass']} on \${$oc['descr']} proto 41 from {$config['interfaces'][$on]['gateway-6rd']} to any tracker {$increment_tracker($tracker)} label "{$fix_rule_label("Allow 6in4 traffic in for 6rd on {$oc['descr']}")}" pass out {$log['pass']} on \${$oc['descr']} proto 41 from any to {$config['interfaces'][$on]['gateway-6rd']} tracker {$increment_tracker($tracker)} label "{$fix_rule_label("Allow 6in4 traffic out for 6rd on {$oc['descr']}")}" EOD; + } + /* XXX: Really need to allow 6rd traffic coming in for v6 this is against default behaviour! */ if (0 && is_ipaddrv6($oc['ipv6'])) { $ipfrules .= <<<EOD |