On Sat, Jan 18, 2014 at 09:57:26PM -0500, Brad wrote:
> On Thu, Jan 09, 2014 at 03:55:44PM -0500, Brad Smith wrote:
> > The default PF ruleset as setup by rc is too restrictive. Have the default
> > ruleset allow for DHCPv6.
>
> Anyone?

Looks good to me. OK claudio@

Question: should we add the same for inet as well since dhclient may use
a normal udp socket in some cases?

> > Index: rc > > =================================================================== > > RCS file: /home/cvs/src/etc/rc,v > > retrieving revision 1.419 > > diff -u -p -u -p -r1.419 rc > > --- rc 3 Jan 2014 23:24:19 -0000 1.419 > > +++ rc 9 Jan 2014 20:47:07 -0000 > > @@ -330,6 +330,8 @@ if [ X"${pf}" != X"NO" ]; then > > RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type > > neighbradv" > > RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type > > routersol" > > RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type > > routeradv" > > + RULES="$RULES\npass out inet6 proto udp from any port > > dhcpv6-client to any port dhcpv6-server" > > + RULES="$RULES\npass in inet6 proto udp from any port > > dhcpv6-server to any port dhcpv6-client" > > fi > > RULES="$RULES\npass proto carp keep state (no-sync)" > > case `sysctl vfs.mounts.nfs 2>/dev/null` in

-- 
:wq Claudio
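
Review bot: the added `pass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client` rule is bounded only by ports, so any IPv6 source that chooses the dhcpv6-server source port is passed to the client port while this boot-time ruleset is loaded. If replies are only expected from on-link servers or relays, consider narrowing the source to `fe80::/10`. A short comment in rc above the two new lines would also help: it should say why an explicit `pass in` is needed next to the `pass out` (presumably because the client's request goes to a multicast destination, so the unicast reply does not match the state the outbound rule creates). The inet question raised in the reply is still open and could be settled in the same change.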