svn commit: r201752 - head/etc
Hajimu UMEMOTO
ume at FreeBSD.org
Thu Jan 7 17:46:25 UTC 2010
Author: ume
Date: Thu Jan 7 17:46:25 2010
New Revision: 201752
URL: http://svn.freebsd.org/changeset/base/201752
Log:
Since the IPv4 rule allows ICMP_TIMXCEED, allow
ICMP6_TIME_EXCEEDED as well for workstation type
firewall. It makes traceroute6 work.
Modified:
head/etc/rc.firewall
Modified: head/etc/rc.firewall
==============================================================================
--- head/etc/rc.firewall Thu Jan 7 17:34:45 2010 (r201751)
+++ head/etc/rc.firewall Thu Jan 7 17:46:25 2010 (r201752)
@@ -505,7 +505,10 @@ case ${firewall_type} in
# Allow "mandatory" ICMP in.
${fwcmd} add pass icmp from any to any icmptype 3,4,11
-
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3
+ fi
+
# Add permits for this workstations published services below
# Only IPs and nets in firewall_allowservices is allowed in.
# If you really wish to let anyone use services on your
More information about the svn-src-head
mailing list