/ - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision 4bc0961e

Added by Chris Buechler over 16 years ago

ID 4bc0961efb594c92b282c214bc975bc06fa323e2
Parent 0958770c
Child fe4df9b7

Block all IPv6 traffic by default, since IPv6 isn't supported, there isn't any way to add such rules in the GUI, and nearly all users won't want IPv6 to traverse their firewall at this point. Add "Allow IPv6" checkbox to disable this behavior.

     block quick from <snort2c> to any label "Block snort2c hosts"
     block quick from any to <snort2c> label "Block snort2c hosts"
     EOD;
             if(!isset($config['system']['ipv6allow'])) {
                     $ipfrules .= "# Block all IPv6\n";
                     $ipfrules .= "block in quick inet6 all\n";
                     $ipfrules .= "block out quick inet6 all\n";
+            }
             $ipfrules .= <<<EOD
     # loopback
     anchor "loopback"
     pass in quick on \$loopback all label "pass loopback"

     $pconfig['scrubnodf'] = $config['system']['scrubnodf'];
     $pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
     $pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr'];
     $pconfig['ipv6allow'] = isset($config['system']['ipv6allow']);
     $pconfig['cert'] = base64_decode($config['system']['webgui']['certificate']);
     $pconfig['key'] = base64_decode($config['system']['webgui']['private-key']);
     $pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
-...
     			unset($config['diag']['ipv6nat']['enable']);
     			unset($config['diag']['ipv6nat']['ipaddr']);
+    		}
     		if($_POST['ipv6allow'] == "yes") {
     			$config['system']['ipv6allow'] = true;
     		} else {
     			unset($config['system']['ipv6allow']);
+    		}
     		$oldcert = $config['system']['webgui']['certificate'];
     		$oldkey = $config['system']['webgui']['private-key'];
     		$config['system']['webgui']['certificate'] = base64_encode($_POST['cert']);
-...
     			<td colspan="2" class="list" height="12">&nbsp;</td>
     		</tr>
     		<tr>
     			<td colspan="2" valign="top" class="listtopic">IPv6 tunneling</td>
     			<td colspan="2" valign="top" class="listtopic">IPv6</td>
     		</tr>
            		<tr>
     			<td width="22%" valign="top" class="vncell">Allow IPv6</td>
     			<td width="78%" class="vtable">
     				<input name="ipv6allow" type="checkbox" id="ipv6allow" value="yes" <?php if ($pconfig['ipv6allow']) echo "checked"; ?> onclick="enable_change(false)" />
     				<strong>Allow IPv6 traffic</strong>
     				<br /> <br />
     				All IPv6 traffic will be blocked unless this box is checked.
     			</td>
     		</tr>
     		<tr>
     			<td width="22%" valign="top" class="vncell">&nbsp;</td>
     			<td width="22%" valign="top" class="vncell">IPv6 tunneling</td>
     			<td width="78%" class="vtable">
     				<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?php if ($pconfig['ipv6nat_enable']) echo "checked"; ?> onclick="enable_change(false)" />
     				<strong>NAT encapsulated IPv6 packets (IP protocol 41/RFC2893) to:</strong>
-...
     				&nbsp;(IP address)
     			</td>
     		</tr>
             	<tr>
     			<td width="22%" valign="top">&nbsp;</td>
     			<td width="78%">
     				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
     			</td>
     		</tr>
     		<tr>
     			<td colspan="2" class="list" height="12">&nbsp;</td>
     		</tr>

Also available in: Unified diff

Project

General

Profile

pfSense

Revision 4bc0961e

Added by Chris Buechler over 16 years ago