Date: Sun, 27 Nov 2005 01:20:05 GMT From: =?iso-8859-1?Q?Ga=EBl?= Roualland <gael.roualland@dial.oleane.com> To: freebsd-ipfw@FreeBSD.org Subject: Re: kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4 on 6.0-RELEASE Message-ID: <200511270120.jAR1K5H3098378@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/89472; it has been noted by GNATS. From: =?iso-8859-1?Q?Ga=EBl?= Roualland <gael.roualland@dial.oleane.com> To: Hajimu UMEMOTO <ume@freebsd.org> Cc: FreeBSD-gnats-submit@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4 on 6.0-RELEASE Date: Sun, 27 Nov 2005 02:15:05 +0100 Hajimu UMEMOTO a écrit : > gael> It does work, at least IPv6-over-IPv4 packets are not blocked, but ipfw > gael> list/show reports the rule as "allow ip from a.b.c.d to me" and it does > gael> filter it that way, opening a lot more than just protocol 41... > > Umm, 41 is treated as ipv6, internally. With following patch, > > allow ip from a.b.c.d to me proto 41 > > should work for workaround. However, it is still incomplete, and > `ipfw show' shows > > allow ip from any to any proto ipv6 > > Apart from this limitation, it seems working to me here. I applied the patch, and 'show' was fine (except for ipv6 instead of 41), but it did break my other rules.. Looks like "allow ip from any to any" doesn't match anything anymore... Gaël. -- Gaël Roualland -+- gael.roualland@dial.oleane.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200511270120.jAR1K5H3098378>