diff options
author | Chris Buechler <cmb@pfsense.org> | 2014-12-31 02:00:01 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2014-12-31 02:02:05 -0600 |
commit | 3cf56fb0729c003153a46a8ca4d0563e92f316c7 (patch) | |
tree | ecdab691f458dde2efea0e5b69fa5a34150f36db /etc | |
parent | 1c84a5f10c9961d57212677a80b0e931c5fd57a4 (diff) | |
download | pfsense-3cf56fb0729c003153a46a8ca4d0563e92f316c7.zip pfsense-3cf56fb0729c003153a46a8ca4d0563e92f316c7.tar.gz |
Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0707d36..e4bea9b 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2750,6 +2750,9 @@ function filter_rules_generate() { $saved_tracker = $tracker; if(!isset($config['system']['ipv6allow'])) { + $ipfrules .= "# Allow IPv6 on loopback\n"; + $ipfrules .= "pass in {$log['pass']} on \$loopback inet6 all tracker {$increment_tracker($tracker)} label \"pass IPv6 loopback\"\n"; + $ipfrules .= "pass out {$log['pass']} on \$loopback inet6 all tracker {$increment_tracker($tracker)} label \"pass IPv6 loopback\"\n"; $ipfrules .= "# Block all IPv6\n"; $ipfrules .= "block in {$log['block']} quick inet6 all tracker {$increment_tracker($tracker)} label \"Block all IPv6\"\n"; $ipfrules .= "block out {$log['block']} quick inet6 all tracker {$increment_tracker($tracker)} label \"Block all IPv6\"\n"; |