From owner-freebsd-questions Mon Oct 1 15:18:25 2001 Delivered-To: freebsd-questions@freebsd.org Received: from pogo.caustic.org (caustic.org [64.163.147.186]) by hub.freebsd.org (Postfix) with ESMTP id 24A8B37B40A for ; Mon, 1 Oct 2001 15:18:22 -0700 (PDT) Received: from localhost (jan@localhost) by pogo.caustic.org (8.11.0/ignatz) with ESMTP id f91MI5975677; Mon, 1 Oct 2001 15:18:05 -0700 (PDT) Date: Mon, 1 Oct 2001 15:18:04 -0700 (PDT) From: "f.johan.beisser" To: "Oliver, Michael W." Cc: "'freebsd-questions@FreeBSD.ORG'" Subject: Re: Ipfilter 3.4.20 port with IPv6 support In-Reply-To: <1DA741CA6767A144BAA4F10012536C27A8C6@LKLDDC01.GARGANTUAN.COM> Message-ID: X-Ignore: This statement isn't supposed to be read by you MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, 30 Sep 2001, Oliver, Michael W. wrote: > Folks, > > Can anyone give me some pointers on this subject? I can't get ipfilter > working with IPv6 support to save my dang life. It is working fine for > IPv4, just not IPv6. I am using 4.4 STABLE from 9/29. I also disregarded > the port and tried building from the source on the authors web site, but > that was just as fruitless. I would like to get this working from the port > since that is what it is there for anyway... so far, in testing on OpenBSD, i've not seen IPFilter 3.4.20 handle any IPv6 packets at all. i've not had a chance to test it under FreeBSD, but i don't see a reason for the behaviour to change, and based on what you've just posted, aparently it doesn't. according to Itojun (with the KAME project), the IPFilter code is not compatable with the various KAME IPv6 stacks, and "has no chance in IPv6, due to its internal structure." now, just in case you've not checked it, inside the IPFilter Makefile, there is a single flag that needs to be uncommented before you build it. As i said before, though, i've not seen IPFilter work with v6 traffic. > Thanks in advance for all of your help, and please cc me on all replies. > Thanks! i would suggest trying ip6fw (IP6FIREWALL, iirc is the option in the kernel) before attempting any more things with IPFilter. ask on the IPfilter mailing lists, and check back in the various archives. -- jan -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "if my thought-dreams could be seen.. "they'd probably put my head in a gillotine" -- Bob Dylan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message