From: Ronald van der Pol
To: freebsd-net@FreeBSD.ORG
Date: Tue, 2 Jul 2002 15:48:08 +0200
Subject: status of conf/3517?; ipf(8) does not work for IPv6
Message-ID: <20020702134808.GA18209@rvdp.org>

There has been some discussion about conf/3517 which is about
ipf(8) filtering for IPv6. I see -current has this in /etc/rc.d/ipfilter:

    ipfilter_start()
    {
        echo "Enabling ipfilter."
        case `${CMD_OSTYPE}` in
        FreeBSD)
            ${ipfilter_program:-/sbin/ipf} -Fa -f \
                "${ipfilter_rules}" ${ipfilter_flags}
            ;;
        NetBSD)
            /sbin/ipf -E -Fa
            if [ -f /etc/ipf.conf ]; then
                /sbin/ipf -f /etc/ipf.conf
            fi
            if [ -f /etc/ipf6.conf ]; then
                /sbin/ipf -6 -f /etc/ipf6.conf
            fi
            ;;
        esac
    }

Can FreeBSD do the same as NetBSD?

There is another problem with the FreeBSD code. The ${ipfilter_flags}
won't be executed at the end of the command. It seems that it needs
to be before the -f flag:

    # ipf -6 -Fa -f /tmp/ipf.rules -v
    # ipf -6 -Fa -v -f /tmp/ipf.rules
    [pass in from any to 2001:abcd::/128]
    pass in from any to 2001:abcd::/128
    #

	rvdp
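
One way the FreeBSD branch could address both points raised in the message above, written as a dry run that only prints the ipf command lines (an added example, not part of the original post and not the FreeBSD rc.d script). The flags go before -f, and an IPv6 rules file is loaded with -6 when it exists. ipfilter_rules6 is a hypothetical variable name; the other variables are the ones in the quoted script.

```shell
#!/bin/sh
# Added example: prints the ipf invocations instead of running them, so the
# argument order can be checked without root or a loaded ipfilter module.
#
# ipfilter_program, ipfilter_rules and ipfilter_flags come from the quoted
# script. ipfilter_rules6 is a hypothetical name used only in this example.

# ipf_line FAMILY RULESFILE
#   FAMILY is "" for IPv4 or "-6" for IPv6.
#   Prints one command line, or nothing if the rules file is not readable
#   (the NetBSD branch skips missing files in the same way).
ipf_line()
{
    family=$1
    rules=$2
    [ -r "$rules" ] || return 0

    # Order matters: in the message's test, -v given after -f had no
    # visible effect, while -v given before -f did. So the flags are
    # placed between -Fa and -f.
    # $family and ${ipfilter_flags} are unquoted on purpose: the first may
    # be empty and the second may hold several flags.
    set -- "${ipfilter_program:-/sbin/ipf}" $family -Fa ${ipfilter_flags} \
        -f "$rules"

    # Dry run. To execute instead, replace the echo with: "$@"
    echo "$*"
}

# Print the command for the IPv4 rules, then for the IPv6 rules.
ipf_cmds()
{
    ipf_line ""   "${ipfilter_rules}"
    ipf_line "-6" "${ipfilter_rules6}"
}

# Prints nothing unless the variables point at readable rules files.
ipf_cmds
```

If no IPv6 rules file is readable, no -6 command is emitted and IPv6 traffic is left without filter rules, which is the gap the message asks about.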