From owner-freebsd-current@FreeBSD.ORG  Fri Nov 23 05:37:46 2007
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EC2C016A468
	for <current@freebsd.org>; Fri, 23 Nov 2007 05:37:46 +0000 (UTC)
	(envelope-from sean@mcneil.com)
Received: from mail.mcneil.com (mcneil.com [24.199.45.54])
	by mx1.freebsd.org (Postfix) with ESMTP id EC64513C468
	for <current@freebsd.org>; Fri, 23 Nov 2007 05:37:46 +0000 (UTC)
	(envelope-from sean@mcneil.com)
Received: from localhost (localhost.mcneil.com [127.0.0.1])
	by mail.mcneil.com (Postfix) with ESMTP id 848C7F72D8
	for <current@freebsd.org>; Thu, 22 Nov 2007 21:37:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at mcneil.com
Received: from mail.mcneil.com ([127.0.0.1])
	by localhost (mcneil.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Yv6bzinnhXOF for <current@freebsd.org>;
	Thu, 22 Nov 2007 21:37:44 -0800 (PST)
Received: from [10.10.10.254] (ferrari.mcneil.com [10.10.10.254])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.mcneil.com (Postfix) with ESMTP id C6EE2F727C
	for <current@freebsd.org>; Thu, 22 Nov 2007 21:37:44 -0800 (PST)
Message-ID: <4746670A.2010204@mcneil.com>
Date: Thu, 22 Nov 2007 21:37:14 -0800
From: Sean McNeil <sean@mcneil.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: current@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Fri, 23 Nov 2007 12:49:43 +0000
Cc: 
Subject: 7-STABLE firewall gets flushed for both ipv4 and ipv6
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Nov 2007 05:37:47 -0000

Now that ip6fw is deprecated and ipfw does both v4 and v6 there is a 
problem with setup of a firewall. If, for example, you have

firewall_type="some_file"
ipv6_firewall_type="OPEN"

they both will not be setup. Instead, you will end up with just the 
rules from the one settup (depending on rcorder).

In order to work around the issue, I have merged the firewall rules into 
one file and use

firewall_type="/etc/fw/firewall.rules"
ipv6_firewall_type="/etc/fw/firewall.rules"

I don't know of any other way to do this properly.