From owner-freebsd-net@FreeBSD.ORG  Mon Sep  5 12:52:31 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 005E9106564A
	for <freebsd-net@freebsd.org>; Mon,  5 Sep 2011 12:52:31 +0000 (UTC)
	(envelope-from freebsd-net@m.gmane.org)
Received: from lo.gmane.org (lo.gmane.org [80.91.229.12])
	by mx1.freebsd.org (Postfix) with ESMTP id B28DB8FC26
	for <freebsd-net@freebsd.org>; Mon,  5 Sep 2011 12:52:30 +0000 (UTC)
Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <freebsd-net@m.gmane.org>) id 1R0YQX-0005jM-Nn
	for freebsd-net@freebsd.org; Mon, 05 Sep 2011 14:37:25 +0200
Received: from lara.cc.fer.hr ([161.53.72.113])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-net@freebsd.org>; Mon, 05 Sep 2011 14:37:25 +0200
Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-net@freebsd.org>; Mon, 05 Sep 2011 14:37:25 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-net@freebsd.org
From: Ivan Voras <ivoras@freebsd.org>
Date: Mon, 05 Sep 2011 14:37:08 +0200
Lines: 45
Message-ID: <j42fpl$ps4$1@dough.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US;
	rv:1.9.2.12) Gecko/20101102 Thunderbird/3.1.6
X-Enigmail-Version: 1.1.2
Subject: ipfw and ipv6: "me"
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Sep 2011 12:52:31 -0000

Hello,

I think the ipfw(8) man page is a bit ambiguous in this area: does the 
"me" pseudo-address (as in "allow tcp from any to me 80") also include ipv6?

Here's what the man page says on 8-stable:


"""
      src and dst: {addr | { addr or ... }} [[not] ports]
              An address (or a list, see below) optionally followed by ports
              specifiers.

              The second format (or-block with multiple addresses) is 
provided
              for convenience only and its use is discouraged.

              ip | all

              any     matches any IP address.

              me      matches any IP address configured on an interface 
in the
                      system.

              me6     matches any IPv6 address configured on an interface in
                      the system.  The address list is evaluated at the time
                      the packet is analysed.

              table(number[,value])
                      Matches any IPv4 address for which an entry exists 
in the
                      lookup table number.  If an optional 32-bit unsigned
                      value is also specified, an entry will match only 
if it
                      has this value.  See the LOOKUP TABLES section 
below for
                      more information on lookup tables.
"""

There is no symmetrical "me4" option which leads me to think that "me" 
matches only ipv4 and "me6" only ipv6.

Is this right? Any ideas?