pfSense

This is a bug introduced by last yesterday's update. Worked fine before that. (2.1-DEVELOPMENT (amd64)
built on Sun Apr 8 21:08:28 EDT 2012
FreeBSD 8.3-RELEASE)

The IPv6 version of the "let out anything from firewall host itself" rule did not include an interface name.

I managed to get the rules to load after commenting out these two lines from /etc/inc/filter.inc (lines 2574 and 2575)

1. if (is_ipaddrv6($gwv6) && is_ipaddrv6($ifcfg['ipv6'])) # $ipfrules .= "pass out route-to ( {$stf} {$gwv6} ) inet6 from {$ifcfg['ipv6']}/$pdlen to !{$ifcfg
   ['ipv6']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n";

maybe the real fix is to use $ifcfg['ipv6'] vs. $stf? ($stf seems to be empty).

my host uses a statically configured "gif0" 6in4 interface, not an auto configured 6to4 interface. I am marking this as "urgent" as it renders the firewall useless in my case.