/ - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision e636f373

Added by Chris Buechler over 10 years ago

ID e636f37393efe0810789e30158f73f3499613677
Parent 05b7eef9
Child b0c8f6de

Allow disabling the APIPA block via hidden config option. Very rarely necessary or desirable, but Amazon VPC VPNs use that as their tunnel subnet with BGP setups.

     	$saved_tracker += 100;
     	$tracker = $saved_tracker;
     	$ipfrules .= <<<EOD
     	if (!isset($config['system']['no_apipa_block'])) {
     		$ipfrules .= <<<EOD
     # block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by a routing device,
     # and clients "MUST NOT" send such packets to a router. FreeBSD won't route 169.254./16, but
     # route-to can override that, causing problems such as in redmine #2073
     block in {$log['block']} quick from 169.254.0.0/16 to any tracker {$increment_tracker($tracker)} label "Block IPv4 link-local"
     block in {$log['block']} quick from any to 169.254.0.0/16 tracker {$increment_tracker($tracker)} label "Block IPv4 link-local"
     EOD;
+    	}
     	$ipfrules .= <<<EOD
     #---------------------------------------------------------------------------
     # default deny rules
     #---------------------------------------------------------------------------

Also available in: Unified diff

Project

General

Profile

pfSense

Revision e636f373

Added by Chris Buechler over 10 years ago