From owner-freebsd-ipfw@FreeBSD.ORG Tue Jan 19 08:28:32 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AB3B11065672; Tue, 19 Jan 2010 08:28:32 +0000 (UTC) (envelope-from wjw@digiware.nl) Received: from mail.digiware.nl (mail.ip6.digiware.nl [IPv6:2001:4cb8:1:106::2]) by mx1.freebsd.org (Postfix) with ESMTP id 3ECA48FC1E; Tue, 19 Jan 2010 08:28:32 +0000 (UTC) Received: from localhost (localhost.digiware.nl [127.0.0.1]) by mail.digiware.nl (Postfix) with ESMTP id 3F744153433; Tue, 19 Jan 2010 09:28:31 +0100 (CET) X-Virus-Scanned: amavisd-new at digiware.nl Received: from mail.digiware.nl ([127.0.0.1]) by localhost (rack1.digiware.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C3b8yueSNiT9; Tue, 19 Jan 2010 09:28:29 +0100 (CET) Received: from [192.168.10.67] (opteron [192.168.10.67]) by mail.digiware.nl (Postfix) with ESMTP id 2095C15342F; Tue, 19 Jan 2010 09:28:25 +0100 (CET) Message-ID: <4B556D26.7040503@digiware.nl> Date: Tue, 19 Jan 2010 09:28:22 +0100 From: Willem Jan Withagen Organization: Digiware User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: Luigi Rizzo References: <25ff90d60912162320y286e37a0ufeb64397716d8c18@mail.gmail.com> <25ff90d60912180612y2b1f64fbw34b4d7f648762087@mail.gmail.com> <25ff90d61001021736p7b695197q104f4a7769b51b71@mail.gmail.com> <20100110185232.GA27907@onelab2.iet.unipi.it> <20100117110443.GA58434@onelab2.iet.unipi.it> <20100119075925.GA42257@onelab2.iet.unipi.it> In-Reply-To: <20100119075925.GA42257@onelab2.iet.unipi.it> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, Hajimu UMEMOTO , freebsd-ipfw@freebsd.org, David Horn Subject: Re: Unified rc.firewall ipfw me/me6 issue X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jan 2010 08:28:32 -0000 Luigi Rizzo wrote: > On Sun, Jan 17, 2010 at 12:04:43PM +0100, Luigi Rizzo wrote: >> On Sun, Jan 17, 2010 at 05:42:58PM +0900, Hajimu UMEMOTO wrote: >>> Hi, >>> >>>>>>>> On Sun, 10 Jan 2010 19:52:32 +0100 >>>>>>>> Luigi Rizzo said: While we are at it, might I suggest one more "nice" thing... For several of my projects I reduced configuring a gateway/nat/firewall to just stuffing hostipnrs:ports into some shell variables. eg: firewall_forward_services="192.168.10.0/24^22 192.168.10.74^873 192.168.10.74^1195 192.168.10.66^80 192.168.10.117^10000 192.168.10.67^45457 2001:4cb8:3::67^45457 192.168.10.116^sip 192.168.10.113^sip" And I used to do that with the "std"-notation host:port. But once I got ipv6 connected, that no longer worked. And I also found that the ipv6 parser did some wierd stuff on other places as well. Is it posible to fix the ipv6nr parser and have it also recognise the versions: [a:b:c::d:e] and [a:b:c::d:e/64] (like firefox does) Yes, I know the stanza is: put your code where your mouth is. And I've been trying to find time to do this, and given enough days time will pop up. But this discussion is already running and people are already breaking up the code. Thanx, --WjW