Date: Tue, 18 Jun 2019 14:35:00 +0200 From: "Patrick M. Hausen" <hausen@punkt.de> To: Robert Huff <roberthuff@rcn.com> Cc: "Ronald F. Guilmette" <rfg@tristatelogic.com>, Artem Viklenko via freebsd-net <freebsd-net@freebsd.org>, freebsd-questions@freebsd.org Subject: Re: Eliminating IPv6 (?) Message-ID: <BAC48B99-6ABA-4C05-A1C5-1112076A9290@punkt.de> In-Reply-To: <23816.53518.998090.665606@jerusalem.litteratus.org> References: <9AF5DF39-9B81-4270-B25C-D089C971E924@punkt.de> <19574.1560847186@segfault.tristatelogic.com> <23816.53518.998090.665606@jerusalem.litteratus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi all, > Am 18.06.2019 um 13:54 schrieb Robert Huff <roberthuff@rcn.com>: >=20 > If this is true - haven't checked personally - then it's a bug. > (And a non-trivial one, the fact you're the first to report it > notwithstanding.) > Can you please open a bug report? I doubt it would qualify as a bug - possibly a bug in the docs, yes. Because the observed behaviour is definitely intentional. The flow of = statements in rc.firewall is: 0. flush all rules 1. setup_loopback 2. setup_ipv6_mandatory and no configuration is going to skip that - hence the only way is to = use firewall_script. Then it goes on: 3. is firewall_type one of the predefined =E2=80=9Eopen=E2=80=9C, = =E2=80=9Esimple=E2=80=9C, etc.? =E2=80=94> configure accordingly 4. if not and firewall_type points to a readable file, suck in = rules from there So, yes, there will always be mandatory IPv6 rules in place. That=E2=80=99= s why they are called mandatory, I figure ;-) Kind regards, Patrick --=20 punkt.de GmbH Internet - Dienstleistungen - Beratung Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100 76133 Karlsruhe info@punkt.de http://punkt.de AG Mannheim 108285 Gf: Juergen Egeling
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAC48B99-6ABA-4C05-A1C5-1112076A9290>