From 5e79dcb1d245b098589e6802199ec0021887e887 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Sun, 20 Jul 2025 18:39:17 -0600 Subject: [PATCH] update default firewalls to support ipv6 by default --- docs/chapters/gcp.rst | 2 +- docs/chapters/networking.rst | 2 +- usr/local/share/bastille/setup.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/chapters/gcp.rst b/docs/chapters/gcp.rst index c6fb5e72..d402b13b 100644 --- a/docs/chapters/gcp.rst +++ b/docs/chapters/gcp.rst @@ -69,7 +69,7 @@ them through the external interface: pass out pass in proto tcp to port {22} - pass in inet proto icmp icmp-type { echoreq } + pass in proto icmp icmp-type { echoreq } pass in on $bridge_if Restart the host and make sure everything comes up correctly. You should see the diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index 7f260990..c60b52f9 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst @@ -469,7 +469,7 @@ Create the firewall rules: block in all pass out quick keep state antispoof for $ext_if inet - pass in inet proto tcp from any to any port ssh flags S/SA modulate state + pass in proto tcp from any to any port ssh flags S/SA modulate state - Make sure to change the ``ext_if`` variable to match your host system interface. diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh index 07218e09..ae5d32f6 100644 --- a/usr/local/share/bastille/setup.sh +++ b/usr/local/share/bastille/setup.sh @@ -277,7 +277,7 @@ rdr-anchor "rdr/*" block in all pass out quick keep state antispoof for \$ext_if inet -pass in inet proto tcp from any to any port ssh flags S/SA keep state +pass in proto tcp from any to any port ssh flags S/SA keep state EOF sysrc pf_enable=YES warn "pf ruleset created, please review ${bastille_pf_conf} and enable it using 'service pf start'."
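Review bot: In docs/chapters/gcp.rst, the new line `pass in proto icmp icmp-type { echoreq }` still only admits IPv4 echo requests, because `proto icmp` is ICMPv4 and IPv6 ping is ICMPv6, which pf matches with `icmp6-type` rather than `icmp-type`. Removing `inet` here does not deliver the IPv6 support the subject line promises for this rule. Consider keeping the address family explicit on this line and adding a separate `inet6` rule for ICMPv6 with `icmp6-type { echoreq }`, so the documented ruleset states what it allows on each family.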
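Review bot: In docs/chapters/networking.rst, the SSH rule now matches both address families, but the context line just above it, `antispoof for $ext_if inet`, stays IPv4-only, so the documented ruleset accepts IPv6 SSH without the spoofing protection that IPv4 gets. Either drop `inet` from the antispoof line so it covers both families or add a matching `inet6` antispoof line. Separately, this example uses `modulate state` while the ruleset written by setup.sh uses `keep state` for the same rule; it would help readers if the docs and the generated pf.conf agreed, or if the docs said why they differ.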
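Review bot: In usr/local/share/bastille/setup.sh, the generated ruleset keeps `block in all` and adds no ICMPv6 pass rule, so inbound neighbor solicitations are dropped and the IPv6 SSH access that `pass in proto tcp from any to any port ssh flags S/SA keep state` is meant to provide can be unreachable in practice. If IPv6 is to work by default, the heredoc needs a rule passing the ICMPv6 neighbor discovery types with `icmp6-type`, and `antispoof for \$ext_if inet` should be widened as well. Since this changes what a fresh install exposes (SSH becomes reachable over IPv6 on hosts where it was previously blocked), the commit message or the `warn` text should say so explicitly so operators know to review the IPv6 side of the ruleset.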