svn commit: r201752 - head/etc

Hajimu UMEMOTO Thu, 07 Jan 2010 09:48:00 -0800

Author: ume
Date: Thu Jan  7 17:46:25 2010
New Revision: 201752
URL: http://svn.freebsd.org/changeset/base/201752


Log:
  Since the IPv4 rule allows ICMP_TIMXCEED, allow
  ICMP6_TIME_EXCEEDED as well for workstation type
  firewall.  It makes traceroute6 work.

Modified:
  head/etc/rc.firewall

Modified: head/etc/rc.firewall
==============================================================================
--- head/etc/rc.firewall        Thu Jan  7 17:34:45 2010        (r201751)
+++ head/etc/rc.firewall        Thu Jan  7 17:46:25 2010        (r201752)
@@ -505,7 +505,10 @@ case ${firewall_type} in
 
        # Allow "mandatory" ICMP in.
        ${fwcmd} add pass icmp from any to any icmptype 3,4,11
-       
+       if [ $ipv6_available -eq 0 ]; then
+               ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3
+       fi
+
        # Add permits for this workstations published services below
        # Only IPs and nets in firewall_allowservices is allowed in.
        # If you really wish to let anyone use services on your 
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r201752 - head/etc

Reply via email to