Date:      Tue, 18 Jun 2019 15:06:16 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Eliminating IPv6 (?)
Message-ID:  <20190618150616.6ad64900@gumby.homeunix.com>
In-Reply-To: <BAC48B99-6ABA-4C05-A1C5-1112076A9290@punkt.de>
References:  <9AF5DF39-9B81-4270-B25C-D089C971E924@punkt.de> <19574.1560847186@segfault.tristatelogic.com> <23816.53518.998090.665606@jerusalem.litteratus.org> <BAC48B99-6ABA-4C05-A1C5-1112076A9290@punkt.de>

On Tue, 18 Jun 2019 14:35:00 +0200
Patrick M. Hausen wrote:

> Hi all,
> 
> > Am 18.06.2019 um 13:54 schrieb Robert Huff <roberthuff@rcn.com>:
> > 
> > 	If this is true - haven't checked personally - then it's a
> > bug. (And a non-trivial one, the fact you're the first to report it
> > notwithstanding.)
> > 	Can you please open a bug report?  
> 
> I doubt it would qualify as a bug - possibly a bug in the docs, yes.
> 
> Because the observed behaviour is definitely intentional. The flow of
> statements in rc.firewall is:
> 
> 0.	flush all rules
> 1.	setup_loopback
> 2.	setup_ipv6_mandatory
..
> So, yes, there will always be mandatory IPv6 rules in place. 

The rules are only added if IPv6 is built into the kernel.

It's a long time since I've used ipfw, but IIRC the custom file is
just a set of ipfw commands, so I presume it would be possible to
delete any unwanted preset rules without having to modify
rc.d/firewall. 

Alternatively setup_loopback() starts with rule 100, so there is also
the option of adding custom rules that sort before the mandatory IPv6
rules and override them.
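
The second option in the message above, written out as an added example that is not part of the original message or of rc.firewall: a custom ruleset line numbered below 100, plus a check over `ipfw list` output that the override is the first IPv6-specific rule. The rule number 50, the function names, the `--demo` switch and the sample listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original message.
# Assumption: 50 is an arbitrary rule number below 100, where the message
# says setup_loopback() starts numbering.
OVERRIDE_NUM=50

# Emit a custom ruleset file: one ipfw command per line, no leading "ipfw".
custom_rules() {
    printf 'add %d deny ip6 from any to any\n' "$OVERRIDE_NUM"
}

# Read `ipfw list` output on stdin and print the number of the first rule
# whose protocol field is IPv6-specific. ipfw lists rules in evaluation
# order and the first matching deny ends evaluation, so this is the rule
# that decides first for IPv6 traffic. Rules that match IPv6 only through
# an address (protocol "ip") are outside what this check looks at.
first_ipv6_rule() {
    awk '$3 == "ip6" || $3 == "ipv6" || $3 == "ipv6-icmp" {
             print $1 + 0; found = 1; exit
         }
         END { if (!found) print "none" }'
}

# Succeed only if the override is the first IPv6-specific rule.
override_wins() {
    [ "$(first_ipv6_rule)" = "$OVERRIDE_NUM" ]
}

# Constructed sample of `ipfw list` output; the numbers above 100 are
# illustrative and not taken from rc.firewall.
SAMPLE_LIST='00050 deny ip6 from any to any
00100 allow ip from any to any via lo0
00600 allow ipv6-icmp from any to any
65535 deny ip from any to any'

# Optional demonstration: print the ruleset line and check the sample.
if [ "${1:-}" = "--demo" ]; then
    custom_rules
    printf '%s\n' "$SAMPLE_LIST" | override_wins && echo "override sorts first"
fi
```

On a live system the same check would read `ipfw list | override_wins` after the ruleset has loaded.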


