Messages

1

General Discussion / Firewall Rules - IPV6 Protocols filtered out by etc/inc/filter.inc

« on: May 10, 2020, 09:49:45 pm »

I am trying to create a filter to allow packets with ipv6-frag protocol, but I was surprised to see it isn't possible without tinkering.

Looking around, the file /usr/local/etc/inc/filter.inc has this:

Code: [Select]

    /* IPv6 extension headers are skipped by the packet filter, we cannot police them */
    $ipv6_ext = array('IPV6-ROUTE', 'IPV6-FRAG', 'IPV6-OPTS', 'IPV6-NONXT', 'MOBILITY-HEADER');I have commented out that line and the new rule created by it works without issue.

Does anyone know why this has been added?