Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074

author: Chris Buechler <cmb@pfsense.org> 2014-12-31 02:00:01 -0600
committer: Chris Buechler <cmb@pfsense.org> 2014-12-31 02:00:01 -0600
commit: 4270d983e2bd7731758fd653f9ba319db5da716f (patch)
tree: db257579154f2c9432fe984400023d854f233bdd /etc
parent: 36dbc3ae37c85e4d19c5ce1518bd82a370368602 (diff)
download: pfsense-4270d983e2bd7731758fd653f9ba319db5da716f.zip
pfsense-4270d983e2bd7731758fd653f9ba319db5da716f.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0707d36..e4bea9b 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2750,6 +2750,9 @@ function filter_rules_generate() {
 	$saved_tracker = $tracker;
 
 	if(!isset($config['system']['ipv6allow'])) {
+		$ipfrules .= "# Allow IPv6 on loopback\n";
+		$ipfrules .= "pass in {$log['pass']} on \$loopback inet6 all tracker {$increment_tracker($tracker)} label \"pass IPv6 loopback\"\n";
+		$ipfrules .= "pass out {$log['pass']} on \$loopback inet6 all tracker {$increment_tracker($tracker)} label \"pass IPv6 loopback\"\n";
 		$ipfrules .= "# Block all IPv6\n";
 		$ipfrules .= "block in {$log['block']} quick inet6 all tracker {$increment_tracker($tracker)} label \"Block all IPv6\"\n";
 		$ipfrules .= "block out {$log['block']} quick inet6 all tracker {$increment_tracker($tracker)} label \"Block all IPv6\"\n";
author	Chris Buechler <cmb@pfsense.org>	2014-12-31 02:00:01 -0600
committer	Chris Buechler <cmb@pfsense.org>	2014-12-31 02:00:01 -0600
commit	4270d983e2bd7731758fd653f9ba319db5da716f (patch)
tree	db257579154f2c9432fe984400023d854f233bdd /etc
parent	36dbc3ae37c85e4d19c5ce1518bd82a370368602 (diff)
download	pfsense-4270d983e2bd7731758fd653f9ba319db5da716f.zip pfsense-4270d983e2bd7731758fd653f9ba319db5da716f.tar.gz