Commit Graph

14 Commits

Author SHA1 Message Date
Hajimu UMEMOTO
f269dc02de drop packet which has ::1 as src or dst via other than lo0
like as rc.firewall does.

MFC after:	1 week
2004-05-24 07:27:26 +00:00
Ruslan Ermilov
2faf03309d DNS should not necessarily be named(8), tweak the comment a bit. 2003-11-02 07:31:44 +00:00
Tom Rhodes
133c1315d5 Add a header: #!/bin/sh.
PR:	44363
2003-02-06 22:00:38 +00:00
Crist J. Clark
5439c489f8 Bring rc.firewall{,6} more in line with the word and spirit of
rc.conf(5) and the files' inline documentation.

  - Add the "closed"-type, documented in both places, but which did not
    exist in the code.

  - When provided a ruleset, the system should not make any assumptions
    about the sites's policy and should add no rules of its own.

  - Make the "UNKNOWN" (documented in-line) actual work as advertised,
    load no rules.

Prodded by:	Igor M Podlesny <poige@morning.ru>
MFC after:	1 week
2002-02-21 13:14:19 +00:00
Hajimu UMEMOTO
2643a003d1 Delete a needless rule for DAD. An unspecified address is never used
as a destination address of IPv6 packets.

Submitted by:	cjc
MFC after:	1 week
2002-02-20 18:05:44 +00:00
Hajimu UMEMOTO
4a84918dc9 fix typo. icmptype of destination unreach is not 2 but 1.
Submitted by:	kuriyama
2001-08-21 15:05:09 +00:00
Hajimu UMEMOTO
0e9ea6e71e pass any NS/NA/toobig.
Requested by:	itojun
MFC after:	5 days
2001-07-24 13:37:06 +00:00
Hajimu UMEMOTO
d35e2ab4ce - Allow link-local multicast traffic for client.
- Allow ICMPv6 destination unreach, packet too big and NS/NA.
- RIPng also uses link-local to link-local.

MFC after:	1 week
2001-07-21 19:59:35 +00:00
Hajimu UMEMOTO
66096b9f78 Correct typo. It should be site-local address prefix.
Submitted by:	kuriyama
MFC after:	3 days
2001-06-22 13:49:15 +00:00
Jun Kuriyama
a080f2d84f Fix typos in comment.
(s/IPFIREWALL_DEFAULT_TO_ACCEPT/IPV6FIREWALL_DEFAULT_TO_ACCEPT/)

MFC after:	1 week
2001-06-22 06:25:54 +00:00
Gregory Neil Shapiro
584096c53e With the recent change to ip6fw, it is safe to return to using ${fw6cmd}
which may include the -q flag.
2001-04-13 01:40:27 +00:00
Gregory Neil Shapiro
872880c2c0 ip6fw doesn't support -q if reading from a file so don't use ${fw6cmd} which
may have a -q if ${ipv6_firewall_quiet} is set.

Reviewed by:	kris
2001-02-28 06:51:17 +00:00
Dag-Erling Smørgrav
7a6ac3e087 Fix references to Chapman & Zwicky and Cheswick & Bellowin.
PR:		24652
Submitted by:	jjreynold@home.com
2001-02-25 11:44:51 +00:00
Hajimu UMEMOTO
e726be510b - ipv6_prefix_* and ipv6_ifconfig_* work for end node
- rtsol should be work for only one interface
- new variable ipv6_defaultrouter is added
- option name of rtadvd in comment are corrected
- ipv6_firewall_enable, ipv6_firewall_type, ipv6_firewall_script,
  ipv6_firewall_logging are added to introduce rc.firewall6.

IPv6 firewall rule is just starting point and should be brushed up.
This commit includes PR18621, PR21694, PR22051.

PR:		conf/18621, conf/21694, conf/22051
Reviewed by:	asmodai
2000-10-29 19:59:05 +00:00