diff options
author | Chris Buechler <cmb@pfsense.org> | 2013-03-11 01:25:29 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2013-03-11 01:25:29 -0500 |
commit | 6db5822430fc9882077aff47e8df4874bab6e469 (patch) | |
tree | 05f9dfa02b9d2c622e762d23cd7d26d915ef48b2 /etc/inc/filter.inc | |
parent | d5280de64da976ca7b0472a64f1dca0c1d7de8b3 (diff) | |
download | pfsense-6db5822430fc9882077aff47e8df4874bab6e469.zip pfsense-6db5822430fc9882077aff47e8df4874bab6e469.tar.gz |
move the "block all v6" rules back to where they should be, fix comment
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 25b9d6b..b88e139 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2409,6 +2409,12 @@ function filter_rules_generate() { $mt = microtime(); echo "filter_rules_generate() being called $mt\n"; } + + if(!isset($config['system']['ipv6allow'])) { + $ipfrules .= "# Block all IPv6\n"; + $ipfrules .= "block in inet6 all label \"Block all IPv6\"\n"; + $ipfrules .= "block out inet6 all label \"Block all IPv6\"\n"; + } $pptpdcfg = $config['pptpd']; @@ -2464,12 +2470,6 @@ block quick inet6 proto { tcp, udp } from any to any port = 0 EOD; - if(!isset($config['system']['ipv6allow'])) { - $ipfrules .= "# Block all IPv6\n"; - $ipfrules .= "block in inet6 all label \"Default Deny ipv6 rule\"\n"; - $ipfrules .= "block out inet6 all label \"Default Deny ipv6 rule\"\n"; - } - $ipfrules .= <<<EOD # Snort package |