From ac135e422b704e6e778b3cd9614da93c2349a851 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Tue, 12 Mar 2013 01:48:56 -0500
Subject: use logging on the block all v6 rules if default is log

---
 etc/inc/filter.inc | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index b88e139..70aef9f 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2409,12 +2409,6 @@ function filter_rules_generate() {
 		$mt = microtime();
 		echo "filter_rules_generate() being called $mt\n";
 	}
-	
-	if(!isset($config['system']['ipv6allow'])) {
-		$ipfrules .= "# Block all IPv6\n";
-		$ipfrules .= "block in inet6 all label \"Block all IPv6\"\n";
-		$ipfrules .= "block out inet6 all label \"Block all IPv6\"\n";
-	}
 
 	$pptpdcfg = $config['pptpd'];
 
@@ -2433,6 +2427,13 @@ function filter_rules_generate() {
 		$log = "log";
 	else
 		$log = "";
+		
+	if(!isset($config['system']['ipv6allow'])) {
+		$ipfrules .= "# Block all IPv6\n";
+		$ipfrules .= "block in {$log} quick inet6 all label \"Block all IPv6\"\n";
+		$ipfrules .= "block out {$log} quick inet6 all label \"Block all IPv6\"\n";
+	}
+	
 	$ipfrules .= <<<EOD
 #---------------------------------------------------------------------------
 # default deny rules
-- 
cgit v1.1