From: Jason Usher
To: freebsd-questions@freebsd.org
Date: Tue, 5 Jun 2012 15:12:06 -0700 (PDT)
Subject: implementing ipv6 into my ipfw ruleset...

I have a fairly simple ipfw ruleset, which looks like:

100 allow tcp from any to any established
110 allow icmp from any to any icmptypes 0,3,8,11
120 deny icmp from any to any
130 allow ip from any to any via lo0
200 allow udp from me to any 53
210 allow udp from any 53 to me
220 allow udp from any to me 33433-33499
230 allow tcp from any to 82.197.184.219 22,80,443 setup
65000 deny log ip from any to me
65001 deny log ip from any to me6

What I am wondering is, am I blocking all ipv6 traffic by not explicitly allowing ipv6 in (for the established rule 100, icmp rule 110, and the entire block of 200-230)?

Or, since that is all tcp/udp/icmp, it doesn't matter, and I am properly allowing in ipv6 traffic, but ONLY for the tcp/udp ports I specify, and then blocking the rest?

Basically: how is my ruleset treating ipv6 traffic (other than the fact that, at the end of the set, I deny all ipv6 that has gotten to that point)?

Thank you.