Date: Tue, 2 Jul 2002 15:48:08 +0200 From: Ronald van der Pol <Ronald.vanderPol@rvdp.org> To: freebsd-net@FreeBSD.ORG Subject: status of conf/3517?; ipf(8) does not work for IPv6 Message-ID: <20020702134808.GA18209@rvdp.org>
next in thread | raw e-mail | index | archive | help
Their has been some discussion about conf/3517 which is about ipf(8)
filtering for IPv6. I see -current has this in /etc/rc.d/ipfilter:
ipfilter_start()
{
echo "Enabling ipfilter."
case `${CMD_OSTYPE}` in
FreeBSD)
${ipfilter_program:-/sbin/ipf} -Fa -f \
"${ipfilter_rules}" ${ipfilter_flags}
;;
NetBSD)
/sbin/ipf -E -Fa
if [ -f /etc/ipf.conf ]; then
/sbin/ipf -f /etc/ipf.conf
fi
if [ -f /etc/ipf6.conf ]; then
/sbin/ipf -6 -f /etc/ipf6.conf
fi
;;
esac
}
Can FreeBSD do the same as NetBSD?
There is another problem with the FreeBSD code. The ${ipfilter_flags}
won't be executed at the end of the command. It seems that it needs to
be before the -f flag:
# ipf -6 -Fa -f /tmp/ipf.rules -v
# ipf -6 -Fa -v -f /tmp/ipf.rules
[pass in from any to 2001:abcd::/128]
pass in from any to 2001:abcd::/128
#
rvdp
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020702134808.GA18209>