From owner-freebsd-questions@FreeBSD.ORG  Wed May 12 12:46:03 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D477116A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 12 May 2004 12:46:03 -0700 (PDT)
Received: from unsane.co.uk (unsane.co.uk [82.152.23.78])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F1E1943D2F
	for <freebsd-questions@freebsd.org>;
	Wed, 12 May 2004 12:46:02 -0700 (PDT)
	(envelope-from jhary@unsane.co.uk)
Received: from unsane.co.uk (localhost [127.0.0.1])
	by unsane.co.uk (8.12.11/8.12.10) with ESMTP id i4CJk3XS001524
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Wed, 12 May 2004 20:46:03 +0100 (BST)
	(envelope-from jhary@unsane.co.uk)
Received: from localhost (jhary@localhost)
	by unsane.co.uk (8.12.11/8.12.10/Submit) with ESMTP id i4CJk36A001521
	for <freebsd-questions@freebsd.org>;
	Wed, 12 May 2004 20:46:03 +0100 (BST)
	(envelope-from jhary@unsane.co.uk)
Date: Wed, 12 May 2004 20:46:03 +0100 (BST)
From: Vince Hoffman <jhary@unsane.co.uk>
To: freebsd-questions@freebsd.org
Message-ID: <20040512204430.O1493@unsane.co.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: ipfilter rules for gif ipv6 tunnel
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2004 19:46:03 -0000

Hi all,
        I recently moved to using ipfilter from ipfw (no particular
reason, just wanted to try another option.) The problem now is that where
i used to have an ipv6 tunnel (from the people at http://tunnelbroker.net)
(again no good reason but it gives me a change to try it out for when i
may need to know about it.) the tunnel uses a gif interface to encapulate
ipv6,
this worked fine with ipfw but doesnt seem to work with ipfilter.
i tried adding

pass in quick on fxp0 proto gre all keep state
pass out quick on fxp0 proto gre all keep state

but no joy.
any ideas ? what i need to add to let it pass ?
 i have no rules for ipv6 in ipfilter, but i tried adding an allow all
rule which didnt seem to help.
any ideas appreciated