Commit Graph

12 Commits

Author SHA1 Message Date
trhodes
2791241073 Add a header: #!/bin/sh.
PR:	44363
2003-02-06 22:00:38 +00:00
cjc
f864694415 Bring rc.firewall{,6} more in line with the word and spirit of
rc.conf(5) and the files' inline documentation.

  - Add the "closed"-type, documented in both places, but which did not
    exist in the code.

  - When provided a ruleset, the system should not make any assumptions
    about the sites's policy and should add no rules of its own.

  - Make the "UNKNOWN" (documented in-line) actual work as advertised,
    load no rules.

Prodded by:	Igor M Podlesny <poige@morning.ru>
MFC after:	1 week
2002-02-21 13:14:19 +00:00
ume
c7a3f8f136 Delete a needless rule for DAD. An unspecified address is never used
as a destination address of IPv6 packets.

Submitted by:	cjc
MFC after:	1 week
2002-02-20 18:05:44 +00:00
ume
f0f29f2dc3 fix typo. icmptype of destination unreach is not 2 but 1.
Submitted by:	kuriyama
2001-08-21 15:05:09 +00:00
ume
b8992b1498 pass any NS/NA/toobig.
Requested by:	itojun
MFC after:	5 days
2001-07-24 13:37:06 +00:00
ume
c7f00dc287 - Allow link-local multicast traffic for client.
- Allow ICMPv6 destination unreach, packet too big and NS/NA.
- RIPng also uses link-local to link-local.

MFC after:	1 week
2001-07-21 19:59:35 +00:00
ume
7045160072 Correct typo. It should be site-local address prefix.
Submitted by:	kuriyama
MFC after:	3 days
2001-06-22 13:49:15 +00:00
kuriyama
44d1723f45 Fix typos in comment.
(s/IPFIREWALL_DEFAULT_TO_ACCEPT/IPV6FIREWALL_DEFAULT_TO_ACCEPT/)

MFC after:	1 week
2001-06-22 06:25:54 +00:00
gshapiro
9aaff3ecb1 With the recent change to ip6fw, it is safe to return to using ${fw6cmd}
which may include the -q flag.
2001-04-13 01:40:27 +00:00
gshapiro
3fd57baf14 ip6fw doesn't support -q if reading from a file so don't use ${fw6cmd} which
may have a -q if ${ipv6_firewall_quiet} is set.

Reviewed by:	kris
2001-02-28 06:51:17 +00:00
des
4f21d5f03f Fix references to Chapman & Zwicky and Cheswick & Bellowin.
PR:		24652
Submitted by:	jjreynold@home.com
2001-02-25 11:44:51 +00:00
ume
03e9a76a97 - ipv6_prefix_* and ipv6_ifconfig_* work for end node
- rtsol should be work for only one interface
- new variable ipv6_defaultrouter is added
- option name of rtadvd in comment are corrected
- ipv6_firewall_enable, ipv6_firewall_type, ipv6_firewall_script,
  ipv6_firewall_logging are added to introduce rc.firewall6.

IPv6 firewall rule is just starting point and should be brushed up.
This commit includes PR18621, PR21694, PR22051.

PR:		conf/18621, conf/21694, conf/22051
Reviewed by:	asmodai
2000-10-29 19:59:05 +00:00