diff options
author | jim-p <jimp@pfsense.org> | 2015-01-09 16:06:57 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-01-09 16:07:28 -0500 |
commit | 526e6c06f86ab81f20781e2c7655704d3790d581 (patch) | |
tree | 61e8ca5631de594d3cdad3748e07ec207eea388b /etc/inc/filter.inc | |
parent | 3529ac320df42cd7ed621d45d4398a12c5c9feb5 (diff) | |
download | pfsense-526e6c06f86ab81f20781e2c7655704d3790d581.zip pfsense-526e6c06f86ab81f20781e2c7655704d3790d581.tar.gz |
Add tracker and label to IPv4 Link-Local block rules.
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index ebad7b7..03d21f2 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2761,8 +2761,8 @@ function filter_rules_generate() { # block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by a routing device, # and clients "MUST NOT" send such packets to a router. FreeBSD won't route 169.254./16, but # route-to can override that, causing problems such as in redmine #2073 -block in {$log['block']} quick from 169.254.0.0/16 to any -block in {$log['block']} quick from any to 169.254.0.0/16 +block in {$log['block']} quick from 169.254.0.0/16 to any tracker {$increment_tracker($tracker)} label "Block IPv4 link-local" +block in {$log['block']} quick from any to 169.254.0.0/16 tracker {$increment_tracker($tracker)} label "Block IPv4 link-local" #--------------------------------------------------------------------------- # default deny rules #--------------------------------------------------------------------------- |