author | jim-p <jimp@pfsense.org> | 2015-01-09 16:06:57 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-01-09 16:06:57 -0500 |
commit | 57963e4baf361d58173c577c0a8231cc619f9a5d (patch) | |
tree | d6c1dcf7c87238d3d678408ba25265433a36c9e8 | |
parent | 557c21dae0ea214a49a858216455a363213260d9 (diff) | |
Add tracker and label to IPv4 Link-Local block rules.
-rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index ebad7b7..03d21f2 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2761,8 +2761,8 @@ function filter_rules_generate() {
 # block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by a routing device,
 # and clients "MUST NOT" send such packets to a router. FreeBSD won't route 169.254./16, but
 # route-to can override that, causing problems such as in redmine #2073
-block in {$log['block']} quick from 169.254.0.0/16 to any
-block in {$log['block']} quick from any to 169.254.0.0/16
+block in {$log['block']} quick from 169.254.0.0/16 to any tracker {$increment_tracker($tracker)} label "Block IPv4 link-local"
+block in {$log['block']} quick from any to 169.254.0.0/16 tracker {$increment_tracker($tracker)} label "Block IPv4 link-local"
 #---------------------------------------------------------------------------
 # default deny rules
 #---------------------------------------------------------------------------
 |
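Review bot: Both added rules carry the identical label `"Block IPv4 link-local"`, so per-label counters and any log view keyed on the label cannot tell packets arriving from a 169.254.0.0/16 source apart from packets addressed to that range. Only the tracker number separates the two cases. Distinct labels would make triage easier, for example `label "Block IPv4 link-local (source)"` on the first rule and `label "Block IPv4 link-local (destination)"` on the second. `$increment_tracker` and `$tracker` are defined outside this hunk, so whether the tracker values stay stable when rules are added earlier in `filter_rules_generate()` cannot be confirmed from here; if they shift, the label is the only durable identifier and the distinction matters more.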