From: beni
To: freebsd-questions@freebsd.org
Date: Mon, 22 Dec 2008 16:15:35 +0100
Subject: kernel options for ipv6 firewall

Hi,

I'm trying to reconfigure and recompile my kernel to use an ipv6 firewall.
So far I added this to the kernel (from
http://techie.devnull.cz/ipv6/ipfw2-ipv6-dummynet/):

# IPFW2
options IPFW2
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default

and I also tried this (from
http://www.kame.net/~suz/freebsd-ipv6-config-guide.txt):

options IPV6FIREWALL
#options IPV6FIREWALL_VERBOSE
#options IPV6FIREWALL_VERBOSE_LIMIT=100
#options IPV6FIREWALL_DEFAULT_TO_ACCEPT

But all I get is an "unknown option" error when I do a make buildkernel.

I've also added this to my /etc/rc.conf:

#IPv6
gateway6_enable="YES"
ipv6_enable="YES"
#ipv6_gateway_enable="YES"
#ipv6_router_enable="YES"
ipv6_network_interfaces="vr0 tun0"
# Enable ip6fw.
ipv6_firewall_enable="YES"
ipv6_firewall_type="client"
# ipv6_firewall_quiet="NO"
ipv6_firewall_quiet="YES" # suppress rule display. (By default, it's NO)
ipv6_firewall_logging="YES" # enable events logging. (By default, it's NO)
ipv6_firewall_flags="" # Flags passed to ip6fw when type is a "filename"

pf is enabled for ipv4.

So what option(s) do I need to use an ipv6 firewall in my kernel?

-- 
Beni.