Date: Thu, 7 Jan 2010 17:46:25 +0000 (UTC) From: Hajimu UMEMOTO <ume@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r201752 - head/etc Message-ID: <201001071746.o07HkP8g020988@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ume Date: Thu Jan 7 17:46:25 2010 New Revision: 201752 URL: http://svn.freebsd.org/changeset/base/201752 Log: Since the IPv4 rule allows ICMP_TIMXCEED, allow ICMP6_TIME_EXCEEDED as well for workstation type firewall. It makes traceroute6 work. Modified: head/etc/rc.firewall Modified: head/etc/rc.firewall ============================================================================== --- head/etc/rc.firewall Thu Jan 7 17:34:45 2010 (r201751) +++ head/etc/rc.firewall Thu Jan 7 17:46:25 2010 (r201752) @@ -505,7 +505,10 @@ case ${firewall_type} in # Allow "mandatory" ICMP in. ${fwcmd} add pass icmp from any to any icmptype 3,4,11 - + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3 + fi + # Add permits for this workstations published services below # Only IPs and nets in firewall_allowservices is allowed in. # If you really wish to let anyone use services on your
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001071746.o07HkP8g020988>