Since the IPv4 rule allows ICMP_TIMXCEED, allow
ICMP6_TIME_EXCEEDED as well for workstation type firewall. It makes traceroute6 work.
This commit is contained in:
parent
28a5e2a5d7
commit
789ad2d46a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=201752
@ -505,7 +505,10 @@ case ${firewall_type} in
|
||||
|
||||
# Allow "mandatory" ICMP in.
|
||||
${fwcmd} add pass icmp from any to any icmptype 3,4,11
|
||||
|
||||
if [ $ipv6_available -eq 0 ]; then
|
||||
${fwcmd} add pass ipv6-icmp from any to any icmp6type 3
|
||||
fi
|
||||
|
||||
# Add permits for this workstations published services below
|
||||
# Only IPs and nets in firewall_allowservices is allowed in.
|
||||
# If you really wish to let anyone use services on your
|
||||
|
Loading…
Reference in New Issue
Block a user