Date: Sun, 27 Apr 2008 19:40:37 +0100
From: Vince
To: Kevin Oberman
Cc: net@freebsd.org
Subject: Re: ipfw can't be disabled for IPv56

Kevin Oberman wrote:
>> Date: Fri, 25 Apr 2008 16:48:46 -0300
>> From: "Tobias P. Santos"
>>
>> Kevin Oberman wrote:
>>> Running 7-STABLE of April 10, if I disable the firewall ('sysctl
>>> net.inet.ip.fw.enable=0'), IPv4 traffic passes, but IPv6 will not. I had
>>> to add a "allow ip from any to any" rule to get IPv6 to work pass
>>> traffic. (Since I was accessing the system in question via IPv6, this
>>> was a bit annoying!)
>>>
>>> Am I missing anything? The rc.subr script for ipfw just sets the sysctl I
>>> did when it stops the firewall.
>>
>> net.link.ether.ipfw: 0
>> net.inet6.ip6.fw.enable: 1 <------------ voila!!!
>> net.inet6.ip6.fw.debug: 1
>
> Thanks! I need to file a PR to get that into the rc script. I should
> have looked for a inet6 specific sysctl for this.

Hate to say this but....

#
# $FreeBSD: src/etc/rc.d/ip6fw,v 1.9 2007/04/02 15:38:53 mtm Exp $
#

# PROVIDE: ip6fw
# REQUIRE: routing
# BEFORE: network_ipv6
# KEYWORD: nojail

. /etc/rc.subr

name="ip6fw"
rcvar=`set_rcvar ipv6_firewall`
start_cmd="ip6fw_start"
stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0"
required_modules="ipfw"
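
An added example, not part of the message above or of the FreeBSD rc scripts: a check that reads `sysctl` output in the "name: value" form quoted in the thread and reports when the IPv4 and IPv6 ipfw enable knobs disagree. The function names and the sample input are constructed for illustration; the two sysctl names are the ones from the thread.

```shell
#!/bin/sh
# Added example: audit the two per-family ipfw enable sysctls discussed in
# the thread. Function names and sample data are hypothetical/constructed.

# fw_state: read "name: value" sysctl lines on stdin and print
# "v4=<value|unset> v6=<value|unset>".
fw_state() {
    awk -F': *' '
        $1 == "net.inet.ip.fw.enable"   { v4 = $2 }
        $1 == "net.inet6.ip6.fw.enable" { v6 = $2 }
        END {
            if (v4 == "") v4 = "unset"
            if (v6 == "") v6 = "unset"
            printf "v4=%s v6=%s\n", v4, v6
        }'
}

# fw_mismatch: succeed (exit 0) when the two families disagree, for example
# IPv4 filtering switched off while IPv6 packets still hit the ruleset.
fw_mismatch() {
    state=$(fw_state)
    v4=${state#v4=}; v4=${v4%% *}
    v6=${state##*v6=}
    [ "$v4" != "$v6" ]
}

# Constructed sample: state after running only
# `sysctl net.inet.ip.fw.enable=0`, as described in the thread.
SAMPLE_AFTER_V4_DISABLE='net.inet.ip.fw.enable: 0
net.link.ether.ipfw: 0
net.inet6.ip6.fw.enable: 1
net.inet6.ip6.fw.debug: 1'

# On a live host the input would instead be:
#   sysctl net.inet.ip.fw.enable net.inet6.ip6.fw.enable | fw_mismatch
if printf '%s\n' "$SAMPLE_AFTER_V4_DISABLE" | fw_mismatch; then
    echo "ipfw enable state differs between IPv4 and IPv6:" \
         "$(printf '%s\n' "$SAMPLE_AFTER_V4_DISABLE" | fw_state)"
fi
```

A knob reported as `unset` means the sysctl was absent from the input, which is also treated as a mismatch so that a missing IPv6 setting is not silently read as "disabled".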