Actions
Bug #6217
closed
lo0 default pass rules missing quick flag
Status:
Not a Bug
Priority:
Low
Assignee:
-
Category:
-
Target version:
-
Start date:
04/20/2016
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
Description
pass in quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" pass out quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" block drop in quick inet6 all label "Block all IPv6" block drop out quick inet6 all label "Block all IPv6" ............... pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
Is there any valid reason for default lo0 rules being non-quick? If so, then upper ip6 pass rules (probably added together with "Block all IPv6"), may potentially conflict.
Otherwise I think it would be better to make those rules quick and move them right before the place where "Block all IPv6" is added, and also eliminate duplication.
Sorry for being perfectionist, snooping under the hood right from the beginning)
Updated by Chris Buechler about 8 years ago
- Status changed from New to Not a Bug
that's by design, so you can override with floating rules if desired
Actions