From owner-freebsd-bugs Thu Jan 24 4:22:41 2002
Delivered-To: freebsd-bugs@freebsd.org
Received: from smtpzilla1.xs4all.nl (smtpzilla1.xs4all.nl [194.109.127.137]) by hub.freebsd.org (Postfix) with ESMTP id D91D537B416 for ; Thu, 24 Jan 2002 04:22:33 -0800 (PST)
Received: from dim.lostboys.nl (dim.lostboys.nl [212.123.234.49]) by smtpzilla1.xs4all.nl (8.12.0/8.12.0) with ESMTP id g0OCMTkG064728; Thu, 24 Jan 2002 13:22:29 +0100 (CET)
Date: Thu, 24 Jan 2002 13:22:03 +0100
From: Dimitry Andric
X-Mailer: The Bat! (v1.54 Beta/31) Business
Reply-To: Dimitry Andric
X-Priority: 3 (Normal)
Message-ID: <192243092278.20020124132203@xs4all.nl>
To: aaron (by way of aaron )
Cc: freebsd-bugs@freebsd.org
Subject: Re: kern/34174: IPv6 doesn't work if IPFILTER_DEFAULT_BLOCK is used
In-Reply-To: <200201232306.g0NN6Cn18736@meta.lo-res.org>
References: <200201232306.g0NN6Cn18736@meta.lo-res.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On 1/24/2002 at 00:04:37 aaron wrote:

a> quick question... could it be that you forgot to allow rules with
a> the -6 option?

Well, I never used the option before. :) It seems that you have to
load IPv4 and IPv6 rules separately, instead of putting them in 1
rules file. I'm not sure whether I find this elegant, or not. :)

So in the case of DEFAULT_BLOCK, the separate IPv6 filter list is
blocking all by default, and it doesn't get influenced by loading of
rules from /etc/rc.network et al.

There doesn't seem to be any mechanism (yet) in /etc/rc.network or
/etc/rc.network6 to explicitly load IPv6 rules into ipf, so I'll have
to add stuff like this manually to rc.local for now, I guess.

I hope some support for this will be added in the future, since it
seems to be quite finished for ipfw (seeing the rc.firewall and
rc.firewall6 scripts). For example, settings in rc.conf like:

ipv6_ipfilter_enable="YES"
ipv6_ipfilter_rules="/etc/ipf.rules6"

and so on. Are there any plans for such a scheme?

But anyway, please close this PR, because manually adding rules for
IPv6 (with the -6 options) makes it work alright.

I think I'll go RTFM for ipfilter with IPv6 now...

Cheers,
-- 
Dimitry Andric
PGP Key: http://www.xs4all.nl/~dim/dim.asc
Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3
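
The manual rc.local step described in the message above, as an added example that is not part of the original mail or of FreeBSD's rc scripts. The two ipv6_ipfilter_* names are the settings proposed in the message, not knobs that rc.network reads; IPF_CMD and load_ipf6_rules are hypothetical names, and the syntax check assumes ipf exits non-zero on a parse error.

```sh
#!/bin/sh
# Added example: load a separate IPv6 ipfilter rule set, e.g. from /etc/rc.local.
# ipv6_ipfilter_* are the names proposed in the message (not existing rc.conf
# knobs); IPF_CMD and load_ipf6_rules are hypothetical helper names.
: "${ipv6_ipfilter_enable:=NO}"
: "${ipv6_ipfilter_rules:=/etc/ipf.rules6}"
: "${IPF_CMD:=/sbin/ipf}"

load_ipf6_rules() {
    case "$ipv6_ipfilter_enable" in
        [Yy][Ee][Ss]) ;;
        *) return 0 ;;                      # not enabled: do nothing
    esac

    # With IPFILTER_DEFAULT_BLOCK the IPv6 list drops everything until rules
    # are loaded, so every failure below is reported instead of skipped.
    if [ ! -r "$ipv6_ipfilter_rules" ]; then
        echo "ipf6: cannot read $ipv6_ipfilter_rules; IPv6 stays blocked" >&2
        return 1
    fi

    # Refuse a rule file that any local user could rewrite.
    if [ -n "$(find "$ipv6_ipfilter_rules" -prune -perm -0002 2>/dev/null)" ]; then
        echo "ipf6: $ipv6_ipfilter_rules is world-writable; not loading" >&2
        return 1
    fi

    # Parse only first: -n keeps ipf from changing the running kernel.
    # Assumption: ipf returns a non-zero status when the file does not parse.
    if ! "$IPF_CMD" -6 -n -f "$ipv6_ipfilter_rules" >/dev/null; then
        echo "ipf6: syntax check failed; IPv6 stays blocked" >&2
        return 1
    fi

    # -6 sends the rules to the separate IPv6 list described in the message.
    "$IPF_CMD" -6 -f "$ipv6_ipfilter_rules"
}

load_ipf6_rules
```

With the defaults above the final call is a no-op; setting ipv6_ipfilter_enable="YES" before it makes the script load the IPv6 rule file.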