stop RFC 4193 address on the outside interface.

MFC after: 1 day
2005-10-05 07:00:42 +00:00 · 2005-10-05 07:00:42 +00:00 · c837857210
commit c837857210
parent c6285009d7
1 changed files with 4 additions and 0 deletions
--- a/etc/rc.firewall6
+++ b/etc/rc.firewall6
@ -188,6 +188,10 @@ case ${ipv6_firewall_type} in
 	${fw6cmd} add deny all from ${inet}/${iprefixlen} to any in via ${oif}
 	${fw6cmd} add deny all from ${onet}/${oprefixlen} to any in via ${iif}

+	# Stop unique local unicast address on the outside interface
+	${fw6cmd} add deny all from fc00::/7 to any via ${oif}
+	${fw6cmd} add deny all from any to fc00::/7 via ${oif}
+
 	# Stop site-local on the outside interface
 	${fw6cmd} add deny all from fec0::/10 to any via ${oif}
 	${fw6cmd} add deny all from any to fec0::/10 via ${oif}