maxim
74720d8946
o Correct an info about "Firewalls and Internet Security" book: name,
...
authors list, ISBN, URLs.
PR: conf/119590
MFC after: 1 week
2008-01-12 19:02:09 +00:00
mlaier
23ea781ace
Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts.
...
Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw
scripts as well.
2006-05-12 19:17:34 +00:00
ume
a358b1f631
stop RFC 4193 address on the outside interface.
...
MFC after: 1 day
2005-10-05 07:00:42 +00:00
ume
aedc433cf3
Use RFC 3849 address for examples.
...
Pointed out by: mistral@imasy.or.jp
MFC after: 1 week
2004-08-03 08:58:34 +00:00
ume
169bb92b15
drop packet which has ::1 as src or dst via other than lo0
...
like as rc.firewall does.
MFC after: 1 week
2004-05-24 07:27:26 +00:00
ru
c963c859f6
DNS should not necessarily be named(8), tweak the comment a bit.
2003-11-02 07:31:44 +00:00
trhodes
2791241073
Add a header: #!/bin/sh.
...
PR: 44363
2003-02-06 22:00:38 +00:00
cjc
f864694415
Bring rc.firewall{,6} more in line with the word and spirit of
...
rc.conf(5) and the files' inline documentation.
- Add the "closed"-type, documented in both places, but which did not
exist in the code.
- When provided a ruleset, the system should not make any assumptions
about the sites's policy and should add no rules of its own.
- Make the "UNKNOWN" (documented in-line) actual work as advertised,
load no rules.
Prodded by: Igor M Podlesny <poige@morning.ru>
MFC after: 1 week
2002-02-21 13:14:19 +00:00
ume
c7a3f8f136
Delete a needless rule for DAD. An unspecified address is never used
...
as a destination address of IPv6 packets.
Submitted by: cjc
MFC after: 1 week
2002-02-20 18:05:44 +00:00
ume
f0f29f2dc3
fix typo. icmptype of destination unreach is not 2 but 1.
...
Submitted by: kuriyama
2001-08-21 15:05:09 +00:00
ume
b8992b1498
pass any NS/NA/toobig.
...
Requested by: itojun
MFC after: 5 days
2001-07-24 13:37:06 +00:00
ume
c7f00dc287
- Allow link-local multicast traffic for client.
...
- Allow ICMPv6 destination unreach, packet too big and NS/NA.
- RIPng also uses link-local to link-local.
MFC after: 1 week
2001-07-21 19:59:35 +00:00
ume
7045160072
Correct typo. It should be site-local address prefix.
...
Submitted by: kuriyama
MFC after: 3 days
2001-06-22 13:49:15 +00:00
kuriyama
44d1723f45
Fix typos in comment.
...
(s/IPFIREWALL_DEFAULT_TO_ACCEPT/IPV6FIREWALL_DEFAULT_TO_ACCEPT/)
MFC after: 1 week
2001-06-22 06:25:54 +00:00
gshapiro
9aaff3ecb1
With the recent change to ip6fw, it is safe to return to using ${fw6cmd}
...
which may include the -q flag.
2001-04-13 01:40:27 +00:00
gshapiro
3fd57baf14
ip6fw doesn't support -q if reading from a file so don't use ${fw6cmd} which
...
may have a -q if ${ipv6_firewall_quiet} is set.
Reviewed by: kris
2001-02-28 06:51:17 +00:00
des
4f21d5f03f
Fix references to Chapman & Zwicky and Cheswick & Bellowin.
...
PR: 24652
Submitted by: jjreynold@home.com
2001-02-25 11:44:51 +00:00
ume
03e9a76a97
- ipv6_prefix_* and ipv6_ifconfig_* work for end node
...
- rtsol should be work for only one interface
- new variable ipv6_defaultrouter is added
- option name of rtadvd in comment are corrected
- ipv6_firewall_enable, ipv6_firewall_type, ipv6_firewall_script,
ipv6_firewall_logging are added to introduce rc.firewall6.
IPv6 firewall rule is just starting point and should be brushed up.
This commit includes PR18621, PR21694, PR22051.
PR: conf/18621, conf/21694, conf/22051
Reviewed by: asmodai
2000-10-29 19:59:05 +00:00