Date: Mon, 25 Apr 2011 22:01:13 +0200 From: Willem Jan Withagen <wjw@digiware.nl> To: Lev Serebryakov <lev@FreeBSD.org> Cc: freebsd-ipfw@FreeBSD.org Subject: Re: bin/104921: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245) Message-ID: <4DB5D309.6060200@digiware.nl> In-Reply-To: <201104201240.p3KCeAeA059249@freefall.freebsd.org> References: <201104201240.p3KCeAeA059249@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20-4-2011 14:40, Lev Serebryakov wrote: > The following reply was made to PR bin/104921; it has been noted by GNATS. > > From: Lev Serebryakov <lev@FreeBSD.org> > To: bug-followup@FreeBSD.org, seh-10lzx4@mail.quadrizen.com > Cc: freebsd-ipfw@FreeBSD.org, freebsd-net@freebsd.org > Subject: Re: bin/104921: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245) > Date: Wed, 20 Apr 2011 16:36:55 +0400 > > Hello, Bug-followup. > > It is still valid for 8.2-STABLE: > > gateway# ipfw add 50000 allow ipv6-icmp from any to 2001:470:1f09:hhhh::/64= > ,2001:470:hhhh:1::/64,2001:470:hhhh:2::/64 icmp6types 1,2,3,4,128,129 keep-= > state > ipfw: bad netmask ``470:1f09:hhhh::/64'' > gateway# uname -a > FreeBSD gateway.home.serebryakov.spb.ru 8.2-STABLE FreeBSD 8.2-STABLE #0: F= > ri Apr 15 16:57:44 MSD 2011 lev@vmware-8-32.home.serebryakov.spb.ru:/us= > r/obj/nanobsd.gateway-net5501/usr/src/sys/NET5501 i386 > > It is very annoying bug, because "allow" rule can be divided into > one-rule-per-network, but "deny ... NOT IPv6,IPv6,..." is hard to > emulate (with multiple skipto rules). I think it is because the ':' has a different meaning in ipfw as well.... Would be nice to get ipfw to do the '[ipv6]' stuff, like some other programs do. eg. firefox, postfix..... I looked at the ipfw code, but it was too much work for me to fix in the short time I have to burn on and off. --WjW
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DB5D309.6060200>