From 6e5d84ba22f252019e634152ca1a87d1b3d6dd74 Mon Sep 17 00:00:00 2001
From: smos <seth.mos@dds.nl>
Date: Mon, 9 Apr 2012 14:14:12 +0200
Subject: Restore this piece of logic, otherwise the firewall rules break.

---
 etc/inc/filter.inc | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index d8a4dce..806cbc8 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2570,7 +2570,17 @@ EOD;
                 	$ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
 
 		$gwv6 = get_interface_gateway_v6($ifdescr);
-		$pdlen = 64 - calculate_ipv6_delegation_length($ifdescr);
+		switch($ifcfg['type6']) {
+			case "6rd":
+			case "6to4":
+				$stf = stf0;
+				$pdlen = 64 - calculate_ipv6_delegation_length($ifdescr);
+				break;
+			default:
+				$stf = $ifcfg['if'];
+				$pdlen = 64 - calculate_ipv6_delegation_length($ifdescr);
+			break;
+		}
 		if (is_ipaddrv6($gwv6) && is_ipaddrv6($ifcfg['ipv6']))
                 	$ipfrules .= "pass out route-to ( {$stf} {$gwv6} ) inet6 from {$ifcfg['ipv6']}/$pdlen to !{$ifcfg['ipv6']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n";
 	}
-- 
cgit v1.1