Date: Mon, 15 Oct 2001 17:29:05 +1000 (EST) From: carl@bl.echidna.id.au To: rguyom@pobox.com, vance@aurema.com Cc: freebsd-stable@FreeBSD.ORG, ipfilter@coombs.anu.edu.au Subject: Re: ipfilter ipv6 Message-ID: <200110150729.f9F7T5ts028741@rollcage.bl.echidna.id.au>
next in thread | raw e-mail | index | archive | help
> From: Christopher Vance <vance@aurema.com> > > : Well, there's one thing to consider : the FreeBSD commiter of IPFilter > : is IPFilter's author itself, Darren Reed. And it seems he choose to > : not enable IPv6 filtering. He should have good reasons to do so. > > Is NetBSD any different? I was told it uses ipf for ipv6, but it also > seems to have an older version. Perhaps it's like OpenBSD <= 2.9 > where the bits seem to be there but don't necessarily do what's > promised. I haven't actually tested it yet, but a vanilla 1.5.3alpha build says : (this is just a copy of my OpenBSD (not working!) ruleset) twat# ipfstat -6 -io pass out quick on rtk1 proto tcp from any to 3ffe:8001:5:2:a00:20ff:fe18:a87d/128 port = 25 keep state pass out quick on rtk1 proto tcp from any to 3ffe:8001:5:2:a00:20ff:fe18:a87d/128 port = 113 keep state pass out quick on rtk1 proto tcp from any to 3ffe:8001:5:2:a00:20ff:fe18:a87d/128 port = 22 keep state pass out quick on rtk1 proto tcp from 3ffe:8001:5::/48 to any port = 123 pass out quick on rtk1 proto udp from 3ffe:8001:5::/48 to any port = 123 pass out quick on lo0 from any to any pass in quick proto tcp from any to any port = 53 keep state pass in quick proto udp from any to any port = 53 keep state pass in quick on rtk1 proto tcp from 3ffe:8001:5::/48 to any keep state pass in quick on rtk1 proto udp from 3ffe:8001:5::/48 to any keep state pass in quick on rtk1 proto ipv6-icmp from 3ffe:8001:5::/48 to any keep state pass in quick on lo0 from any to any block in log quick from any to any > If I knew NetBSD's ipfilter worked right, I'd probably change my > firewall OS, even though I'm happy with FreeBSD for the desktop. I'm pretty sure it works. I haven't had to recompile anything to get the above. No live rules yet though, just the dummies above. Carl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110150729.f9F7T5ts028741>