move the "block all v6" rules back to where they should be, fix comment

author: Chris Buechler <cmb@pfsense.org> 2013-03-11 01:25:29 -0500
committer: Chris Buechler <cmb@pfsense.org> 2013-03-11 01:25:29 -0500
commit: 6db5822430fc9882077aff47e8df4874bab6e469 (patch)
tree: 05f9dfa02b9d2c622e762d23cd7d26d915ef48b2 /etc/inc/filter.inc
parent: d5280de64da976ca7b0472a64f1dca0c1d7de8b3 (diff)
download: pfsense-6db5822430fc9882077aff47e8df4874bab6e469.zip
pfsense-6db5822430fc9882077aff47e8df4874bab6e469.tar.gz
1 files changed, 6 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 25b9d6b..b88e139 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2409,6 +2409,12 @@ function filter_rules_generate() {
 		$mt = microtime();
 		echo "filter_rules_generate() being called $mt\n";
 	}
+	
+	if(!isset($config['system']['ipv6allow'])) {
+		$ipfrules .= "# Block all IPv6\n";
+		$ipfrules .= "block in inet6 all label \"Block all IPv6\"\n";
+		$ipfrules .= "block out inet6 all label \"Block all IPv6\"\n";
+	}
 
 	$pptpdcfg = $config['pptpd'];
 
@@ -2464,12 +2470,6 @@ block quick inet6 proto { tcp, udp } from any to any port = 0
 
 EOD;
 
-	if(!isset($config['system']['ipv6allow'])) {
-		$ipfrules .= "# Block all IPv6\n";
-		$ipfrules .= "block in inet6 all label \"Default Deny ipv6 rule\"\n";
-		$ipfrules .= "block out inet6 all label \"Default Deny ipv6 rule\"\n";
-	}
-
 	$ipfrules .= <<<EOD
 
 # Snort package
author	Chris Buechler <cmb@pfsense.org>	2013-03-11 01:25:29 -0500
committer	Chris Buechler <cmb@pfsense.org>	2013-03-11 01:25:29 -0500
commit	6db5822430fc9882077aff47e8df4874bab6e469 (patch)
tree	05f9dfa02b9d2c622e762d23cd7d26d915ef48b2 /etc/inc/filter.inc
parent	d5280de64da976ca7b0472a64f1dca0c1d7de8b3 (diff)
download	pfsense-6db5822430fc9882077aff47e8df4874bab6e469.zip pfsense-6db5822430fc9882077aff47e8df4874bab6e469.tar.gz