From owner-freebsd-ipfw@FreeBSD.ORG  Mon Aug  2 13:05:39 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8E5C316A4CF; Mon,  2 Aug 2004 13:05:39 +0000 (GMT)
Received: from netlx014.civ.utwente.nl (netlx014.civ.utwente.nl [130.89.1.88])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6026643D48; Mon,  2 Aug 2004 13:05:38 +0000 (GMT)
	(envelope-from r.s.a.vandomburg@student.utwente.nl)
Received: from [127.0.0.1] (gog.student.utwente.nl [130.89.165.107])
          by netlx014.civ.utwente.nl (8.11.7/HKD) with ESMTP id i72D5EE29810;
          Mon, 2 Aug 2004 15:05:14 +0200
Message-ID: <410E3C0F.20403@student.utwente.nl>
Date: Mon, 02 Aug 2004 15:05:19 +0200
From: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>
Organization: University of Twente
User-Agent: Mozilla Thunderbird 0.7.2 (Windows/20040707)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-sparc64@freebsd.org, freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-UTwente-MailScanner-Information: Scanned by MailScanner. Contact
	helpdesk@ITBE.utwente.nl for more information.
X-UTwente-MailScanner: Found to be clean
X-MailScanner-From: r.s.a.vandomburg@student.utwente.nl
Subject: Does ip6fw work for you on sparc64?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2004 13:05:39 -0000

Hello everybody,

Does ip6fw work for any sparc64 owners? It hasn't been working correctly 
for me for as long as I can remember. Behavior is very erratic: allow 
ipv6 works, but allow {tcp|udp} doesn't. Such rules do show up in the 
traffic counter, but really don't allow any traffic passing it at all.

I run a sparc64 with a world from 2004-08-02. Here's my firewall 
configuration:

00100 allow ipv6 from any to any via lo0
00200 deny ipv6 from any to ::1
00300 deny ipv6 from ::1 to any
00400 allow ipv6-icmp from :: to ff02::/16
00500 allow ipv6-icmp from fe80::/10 to fe80::/10
00600 allow ipv6-icmp from fe80::/10 to ff02::/16
00700 allow ipv6 from fe80::/10 to ff02::/16
00800 allow ipv6 from 2001:610:1908:8000::/64 to ff02::/16
00900 allow tcp from any to any established
01000 allow ipv6 from any to any frag
01100 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 25 setup
01200 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 80 setup
01300 allow tcp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any setup
01400 deny tcp from any to any setup
01500 allow udp from any 53 to 2001:610:1908:8000:a00:20ff:fecf:c01b
01600 allow udp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any 53
01700 allow udp from any 123 to 2001:610:1908:8000:a00:20ff:fecf:c01b
01800 allow udp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any 123
01900 allow ipv6-icmp from any to any icmptype 33
02000 allow ipv6-icmp from any to any icmptype 34
65535 deny ipv6 from any to any

Any ideas?

Regards,

Roderick