From owner-freebsd-stable Sun Oct 14 22:19: 4 2001 Delivered-To: freebsd-stable@freebsd.org Received: from smtp2.cluster.oleane.net (smtp2.cluster.oleane.net [195.25.12.17]) by hub.freebsd.org (Postfix) with ESMTP id 10D7937B407 for ; Sun, 14 Oct 2001 22:18:59 -0700 (PDT) Received: from diabolic-cow.chatgris.net (c2ce770c.fsp.oleane.fr [194.206.119.12]) by smtp2.cluster.oleane.net with ESMTP id f9F5Itm32867 for ; Mon, 15 Oct 2001 07:18:56 +0200 (CEST) Received: by diabolic-cow.chatgris.net (Postfix, from userid 1000) id 83CFA12C; Mon, 15 Oct 2001 00:52:37 +0200 (CEST) Date: Mon, 15 Oct 2001 00:52:37 +0200 From: =?iso-8859-1?Q?R=E9mi_Guyomarch?= To: freebsd-stable@FreeBSD.ORG Subject: Re: ipfilter ipv6 Message-ID: <20011015005237.D93723@diabolic-cow.chatgris.net> References: <20011014232019.A29012@aurema.com> <20011014152203.O69352-100000@darkwing.turbo.net> <20011014201557.C93723@diabolic-cow.chatgris.net> <20011015075708.B29012@aurema.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <20011015075708.B29012@aurema.com>; from vance@aurema.com on Mon, Oct 15, 2001 at 07:57:08AM +1000 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Oct 15, 2001 at 07:57:08AM +1000, Christopher Vance wrote: > On Sun, Oct 14, 2001 at 08:15:57PM +0200, Rémi Guyomarch wrote: > : On Sun, Oct 14, 2001 at 03:26:27PM +0200, Henrik Holmstam wrote: > : > On Sun, 14 Oct 2001, Christopher Vance wrote: > : > > : > > Is there any reason why FreeBSD ipfilter is compiled without ipv6? > : > > Does it not work, or is nobody FreeBSDish interested? > : > : I don't think IPFilter is IPv6-ready. There's some support but I don't > : think it's stable or tested enough at this point. I may be wrong. > > Is that a judgement made by ipfilter people on what it does on FreeBSD, > or by FreeBSD people on what ipfilter does/doesn't do? Neither :) I tested IPFilter 3.4.x against IPv6 sometimes ago on OpenBSD and it wasn't ready. Situation might have evolved, this is why I wrote "I may be wrong". > I was looking for ways to filter tcp and udp traffic by their ip6 > addresses. ipf filtering gif/stf traffic by where the tunnel came > from is not what I meant, since that's only filtering protocol 41 (or > whatever) as ip4 traffic, with no understanding of ip6 addressing. Exactly. > It looks to me that the default compile of ipfilter on FreeBSD 4-S > turns off the -6 option and the USE_INET6 cpp define, and removes > mention of -6 from the manual pages. Seems like someone went to some > effort to remove it, and I was wondering why, and whether it was > easier to put back in. Well, there's one thing to consider : the FreeBSD commiter of IPFilter is IPFilter's author itself, Darren Reed. And it seems he choose to not enable IPv6 filtering. He should have good reasons to do so. But you could add the right define in a few Makefiles, recompile everything and test yourself :) -- Rémi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message