On Sat, Jan 18, 2014 at 09:57:26PM -0500, Brad wrote:
> On Thu, Jan 09, 2014 at 03:55:44PM -0500, Brad Smith wrote:
> > The default PF ruleset as set up by rc is too restrictive. Have the default
> > ruleset allow for DHCPv6.
> 
> Anyone?

Looks good to me. OK claudio@

Question: should we add the same for inet as well since dhclient may use
a normal udp socket in some cases?
 
> > Index: rc
> > ===================================================================
> > RCS file: /home/cvs/src/etc/rc,v
> > retrieving revision 1.419
> > diff -u -p -u -p -r1.419 rc
> > --- rc      3 Jan 2014 23:24:19 -0000       1.419
> > +++ rc      9 Jan 2014 20:47:07 -0000
> > @@ -330,6 +330,8 @@ if [ X"${pf}" != X"NO" ]; then
> >             RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type 
> > neighbradv"
> >             RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type 
> > routersol"
> >             RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type 
> > routeradv"
> > +           RULES="$RULES\npass out inet6 proto udp from any port 
> > dhcpv6-client to any port dhcpv6-server"
> > +           RULES="$RULES\npass in inet6 proto udp from any port 
> > dhcpv6-server to any port dhcpv6-client"
> >     fi
> >     RULES="$RULES\npass proto carp keep state (no-sync)"
> >     case `sysctl vfs.mounts.nfs 2>/dev/null` in
> > 
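
Review bot: The added inbound rule, `pass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client`, matches on ports alone, so while this default ruleset is loaded any host that sets its source port to dhcpv6-server can reach the client port. If replies are only expected from on-link servers or relays, consider narrowing the source to `fe80::/10`. The outbound rule could likewise name the `ff02::1:2` multicast destination, unless unicast to a server must also work. A short comment in rc saying that these two rules exist for DHCPv6 would help too, since the neighbouring ICMPv6 rules carry no explanation either.
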
> > -- 
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> > 

-- 
:wq Claudio
