Add tracker and label to IPv4 Link-Local block rules.

author: jim-p <jimp@pfsense.org> 2015-01-09 16:06:57 -0500
committer: jim-p <jimp@pfsense.org> 2015-01-09 16:07:28 -0500
commit: 526e6c06f86ab81f20781e2c7655704d3790d581 (patch)
tree: 61e8ca5631de594d3cdad3748e07ec207eea388b /etc/inc/filter.inc
parent: 3529ac320df42cd7ed621d45d4398a12c5c9feb5 (diff)
download: pfsense-526e6c06f86ab81f20781e2c7655704d3790d581.zip
pfsense-526e6c06f86ab81f20781e2c7655704d3790d581.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index ebad7b7..03d21f2 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2761,8 +2761,8 @@ function filter_rules_generate() {
 # block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by a routing device,
 # and clients "MUST NOT" send such packets to a router. FreeBSD won't route 169.254./16, but
 # route-to can override that, causing problems such as in redmine #2073
-block in {$log['block']} quick from 169.254.0.0/16 to any
-block in {$log['block']} quick from any to 169.254.0.0/16 
+block in {$log['block']} quick from 169.254.0.0/16 to any tracker {$increment_tracker($tracker)} label "Block IPv4 link-local"
+block in {$log['block']} quick from any to 169.254.0.0/16 tracker {$increment_tracker($tracker)} label "Block IPv4 link-local"
 #---------------------------------------------------------------------------
 # default deny rules
 #---------------------------------------------------------------------------
author	jim-p <jimp@pfsense.org>	2015-01-09 16:06:57 -0500
committer	jim-p <jimp@pfsense.org>	2015-01-09 16:07:28 -0500
commit	526e6c06f86ab81f20781e2c7655704d3790d581 (patch)
tree	61e8ca5631de594d3cdad3748e07ec207eea388b /etc/inc/filter.inc
parent	3529ac320df42cd7ed621d45d4398a12c5c9feb5 (diff)
download	pfsense-526e6c06f86ab81f20781e2c7655704d3790d581.zip pfsense-526e6c06f86ab81f20781e2c7655704d3790d581.tar.gz