Date: Sun, 14 Oct 2001 20:15:57 +0200 From: =?iso-8859-1?Q?R=E9mi_Guyomarch?= <rguyom@pobox.com> To: freebsd-stable@freebsd.org Subject: Re: ipfilter ipv6 Message-ID: <20011014201557.C93723@diabolic-cow.chatgris.net> In-Reply-To: <20011014152203.O69352-100000@darkwing.turbo.net>; from turbo@lamering.org on Sun, Oct 14, 2001 at 03:26:27PM %2B0200 References: <20011014232019.A29012@aurema.com> <20011014152203.O69352-100000@darkwing.turbo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 14, 2001 at 03:26:27PM +0200, Henrik Holmstam wrote:
>
> On Sun, 14 Oct 2001, Christopher Vance wrote:
>
> > Is there any reason why FreeBSD ipfilter is compiled without ipv6?
> > Does it not work, or is nobody FreeBSDish interested?
I don't think IPFilter is IPv6-ready. There's some support but I don't
think it's stable or tested enough at this point. I may be wrong.
> > I'd prefer something to keep state, so ip6fw isn't quite what I want.
>
> Is it? I'm using default IPFilter on FreeBSD 4.4-STABLE with ipv6 and it
> works just fine. I'm keeping state and have rules with 'proto ipv6' with
> no problems.
"ipv6" in this context means "v6 in v4". It means you're filtering
IPv6 packets based on the IPv4 tunnel end-point address, which is
better than nothing but still far from ideal.
IPFilter compiled with IPv6 support needs *two* different set of
rules. One for v4 and one for v6. The v6 set is managed with "ipf -6"
instead of "ipf". See ipf(1) :
OPTIONS
-6 This option is required to parse IPv6 rules and to
have them loaded.
--
Rémi
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011014201557.C93723>