diff options
| author | Seth Mos <seth.mos@dds.nl> | 2011-01-28 15:27:59 +0100 |
|---|---|---|
| committer | Seth Mos <seth.mos@dds.nl> | 2011-01-28 15:27:59 +0100 |
| commit | 161cc65b3f28bd50ef53eab3493cea23786d722e (patch) | |
| tree | 927514a2a33e959896b7423a8de008db8695a03c /etc | |
| parent | b3cf4d5abd6b3b186c54c98dd4f04dcdbec6b20f (diff) | |
| download | pfsense-161cc65b3f28bd50ef53eab3493cea23786d722e.zip pfsense-161cc65b3f28bd50ef53eab3493cea23786d722e.tar.gz | |
Activate the firewall rules for DHCPDv6.
Add pass in to port 546, pass out to 547
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e9537cb..8628fee 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2285,11 +2285,9 @@ EOD; # allow access to DHCPv6 server on {$oc['descr']} anchor "dhcpv6server{$oc['descr']}" # We need inet6 icmp for stateless autoconfig and dhcpv6 -pass in on \${$oc['descr']} inet6 proto ipv6-icmp from fe80::/10 to ff02::/10 label "allow access to DHCPv6 server" -pass out on \${$oc['descr']} inet6 proto ipv6-icmp from fe80::/10 to ff02::/10 label "allow access to DHCPv6 server" -#pass in on \${$oc['descr']} inet6 proto udp from fe80::/10 to ff02::/10 port = 546 label "allow access to DHCPv6 server" -#pass in on \${$oc['descr']} inet6 proto udp from fe80::/10 to {$oc['ipv6']} port = 546 label "allow access to DHCPv6 server" -#pass out on \${$oc['descr']} inet6 proto udp from {$oc['ipv6']} port = 546 to any label "allow access to DHCPv6 server" +pass in on \${$oc['descr']} inet6 proto udp from fe80::/10 to ff02::/16 port = 546 label "allow access to DHCPv6 server" +pass in on \${$oc['descr']} inet6 proto udp from fe80::/10 to {$oc['ipv6']} port = 546 label "allow access to DHCPv6 server" +pass out on \${$oc['descr']} inet6 proto udp from {$oc['ipv6']} port = 547 to fe80::/10 label "allow access to DHCPv6 server" EOD; } |
