From owner-freebsd-net@FreeBSD.ORG  Fri Apr 25 20:16:48 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A4DC8106564A
	for <net@freebsd.org>; Fri, 25 Apr 2008 20:16:48 +0000 (UTC)
	(envelope-from tobias@netconsultoria.com.br)
Received: from srv1.netconsultoria.com.br (srv1.netconsultoria.com.br
	[189.1.176.252])
	by mx1.freebsd.org (Postfix) with ESMTP id 30A238FC1B
	for <net@freebsd.org>; Fri, 25 Apr 2008 20:16:47 +0000 (UTC)
	(envelope-from tobias@netconsultoria.com.br)
Received: from [172.16.16.100] (mailgw.ntelecom.com.br [189.1.176.249])
	(authenticated bits=0)
	by srv1.netconsultoria.com.br (8.13.8/8.13.3) with ESMTP id
	m3PJmgNd031890; Fri, 25 Apr 2008 16:48:42 -0300 (BRT)
	(envelope-from tobias@netconsultoria.com.br)
Message-ID: <4812359E.5040800@netconsultoria.com.br>
Date: Fri, 25 Apr 2008 16:48:46 -0300
From: "Tobias P. Santos" <tobias@netconsultoria.com.br>
User-Agent: Thunderbird 2.0.0.9 (X11/20071031)
MIME-Version: 1.0
To: Kevin Oberman <oberman@es.net>
References: <20080425194337.AFB7245010@ptavv.es.net>
In-Reply-To: <20080425194337.AFB7245010@ptavv.es.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.88.7/6938/Fri Apr 25 14:01:47 2008 on
	srv1.netconsultoria.com.br
X-Virus-Status: Clean
Cc: net@freebsd.org
Subject: Re: ipfw can't be disabled for IPv56
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Apr 2008 20:16:48 -0000

Kevin Oberman wrote:
> Running 7-STABLE of April 10, if I disable the firewall ('sysctl
> net.inet.ip.fw.enable=0'), IPv4 traffic passes, but IPv6 will not. I had
> to add a "allow ip from any to any" rule to get IPv6 to work pass
> traffic. (Since I was accessing the system in question via IPv6, this
> was a bit annoying!)
> 
> Am I missing anything? The rc.subr script for ipfw just sets the sysctl I
> did when it stops the firewall.


# sysctl -a | grep fw
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.static_count: 8
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.enable: 1
net.link.ether.ipfw: 0
net.inet6.ip6.fw.enable: 1 <------------ voila!!!
net.inet6.ip6.fw.debug: 1
net.inet6.ip6.fw.verbose: 1
net.inet6.ip6.fw.verbose_limit: 0
net.inet6.ip6.fw.deny_unknown_exthdrs: 1