From 15ccade5b7bd26ed13178eda5cb183fcf6c10a1b Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 29 May 2010 11:49:29 +0200
Subject: [PATCH] ferm: always allow proto 41

---
 modules/ferm/files/ferm.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index b5448b07..5f6e159f 100644
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -45,6 +45,11 @@ domain (ip ip6) {
                       mod state state (ESTABLISHED RELATED) ACCEPT;
                       interface lo ACCEPT;
                       proto icmp ACCEPT;
+                      # some of our hosts (e.g. villa and lobos) do ipv6 via tunnels (proto 41)
+                      # this requires we allow proto ipv6 to work in all cases.
+                      # without this, ipv6 connectivity only works once the host itself
+                      # created some ipv6 connectivity to some place.
+                      proto ipv6 ACCEPT;
                       mod state state (INVALID) DROP;
               }
         }
@@ -58,3 +63,4 @@ domain (ip ip6) {
                 jump log_or_drop;
         }
 }
+# vim:set et:
-- 
2.39.2