From 4270d983e2bd7731758fd653f9ba319db5da716f Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Wed, 31 Dec 2014 02:00:01 -0600 Subject: Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074 --- etc/inc/filter.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0707d36..e4bea9b 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2750,6 +2750,9 @@ function filter_rules_generate() { $saved_tracker = $tracker; if(!isset($config['system']['ipv6allow'])) { + $ipfrules .= "# Allow IPv6 on loopback\n"; + $ipfrules .= "pass in {$log['pass']} on \$loopback inet6 all tracker {$increment_tracker($tracker)} label \"pass IPv6 loopback\"\n"; + $ipfrules .= "pass out {$log['pass']} on \$loopback inet6 all tracker {$increment_tracker($tracker)} label \"pass IPv6 loopback\"\n"; $ipfrules .= "# Block all IPv6\n"; $ipfrules .= "block in {$log['block']} quick inet6 all tracker {$increment_tracker($tracker)} label \"Block all IPv6\"\n"; $ipfrules .= "block out {$log['block']} quick inet6 all tracker {$increment_tracker($tracker)} label \"Block all IPv6\"\n"; -- cgit v1.1