Since the IPv4 rule allows ICMP_TIMXCEED, allow

ICMP6_TIME_EXCEEDED as well for workstation type firewall. It makes traceroute6 work.
svn path=/head/; revision=201752
2010-01-07 17:46:25 +00:00 · 2010-01-07 17:46:25 +00:00 · 789ad2d46a · 2020-12-20 02:59:44 +00:00
commit 789ad2d46a
parent 28a5e2a5d7
1 changed files with 4 additions and 1 deletions
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@ -505,7 +505,10 @@ case ${firewall_type} in

 	# Allow "mandatory" ICMP in.
 	${fwcmd} add pass icmp from any to any icmptype 3,4,11
-	
+	if [ $ipv6_available -eq 0 ]; then
+		${fwcmd} add pass ipv6-icmp from any to any icmp6type 3
+	fi
+
 	# Add permits for this workstations published services below
 	# Only IPs and nets in firewall_allowservices is allowed in.
 	# If you really wish to let anyone use services on your