From: Willem Jan Withagen
To: Lev Serebryakov
Cc: freebsd-ipfw@FreeBSD.org
Date: Mon, 25 Apr 2011 22:01:13 +0200
Subject: Re: bin/104921: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245)
Message-ID: <4DB5D309.6060200@digiware.nl>
In-Reply-To: <201104201240.p3KCeAeA059249@freefall.freebsd.org>

On 20-4-2011 14:40, Lev Serebryakov wrote:
> The following reply was made to PR bin/104921; it has been noted by GNATS.
>
> From: Lev Serebryakov
> To: bug-followup@FreeBSD.org, seh-10lzx4@mail.quadrizen.com
> Cc: freebsd-ipfw@FreeBSD.org, freebsd-net@freebsd.org
> Subject: Re: bin/104921: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245)
> Date: Wed, 20 Apr 2011 16:36:55 +0400
>
> Hello, Bug-followup.
>
> It is still valid for 8.2-STABLE:
>
> gateway# ipfw add 50000 allow ipv6-icmp from any to 2001:470:1f09:hhhh::/64,2001:470:hhhh:1::/64,2001:470:hhhh:2::/64 icmp6types 1,2,3,4,128,129 keep-state
> ipfw: bad netmask ``470:1f09:hhhh::/64''
> gateway# uname -a
> FreeBSD gateway.home.serebryakov.spb.ru 8.2-STABLE FreeBSD 8.2-STABLE #0: Fri Apr 15 16:57:44 MSD 2011 lev@vmware-8-32.home.serebryakov.spb.ru:/usr/obj/nanobsd.gateway-net5501/usr/src/sys/NET5501 i386
>
> It is a very annoying bug, because an "allow" rule can be divided into
> one-rule-per-network, but "deny ... NOT IPv6,IPv6,..." is hard to
> emulate (with multiple skipto rules).

I think it is because the ':' has a different meaning in ipfw as well....

Would be nice to get ipfw to do the '[ipv6]' stuff, like some other
programs do, e.g. firefox, postfix.....

I looked at the ipfw code, but it was too much work for me to fix in the
short time I have to burn on and off.

--WjW
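
The workaround described in the quoted follow-up, as an added example that is not part of the original message or of the PR's patch: shell helpers that print one ipfw rule per IPv6 network instead of a comma-separated list, and emulate "deny ... not net1,net2,..." with a skipto chain. The function names, rule numbers and the 2001:db8 documentation networks are assumptions made for illustration, and it assumes a single IPv6 network per rule parses correctly, as the follow-up implies.

```sh
#!/bin/sh
# Added example (hypothetical helper names, constructed sample networks).
# Both functions only print "ipfw add" commands so they can be reviewed
# before being installed on the gateway.

# allow_each BASE "RULE PREFIX" "RULE OPTIONS" NET...
# One rule per network, numbered BASE, BASE+1, ... so that no rule
# carries a comma-separated IPv6 list.
allow_each() {
    n=$1; pre=$2; post=$3; shift 3
    for net in "$@"; do
        echo "ipfw add $n $pre $net${post:+ $post}"
        n=$((n + 1))
    done
}

# deny_unless_dst BASE PROTO NET...
# Emulates "deny PROTO from any to not NET1,NET2,...": a packet whose
# destination is in any listed network jumps past the deny via skipto,
# everything else of that protocol reaches the deny rule.
deny_unless_dst() {
    n=$1; proto=$2; shift 2
    target=$((n + $# + 1))    # first rule number after the deny rule
    for net in "$@"; do
        echo "ipfw add $n skipto $target $proto from any to $net"
        n=$((n + 1))
    done
    echo "ipfw add $n deny $proto from any to any"
}

# Constructed sample input: three documentation-range networks.
NETS="2001:db8:1::/64 2001:db8:2::/64 2001:db8:3::/64"

allow_each 50000 "allow ipv6-icmp from any to" \
    "icmp6types 1,2,3,4,128,129 keep-state" $NETS
deny_unless_dst 51000 ip6 $NETS
```

The skipto target is computed from the number of networks, so adding a network to the list keeps the deny rule and the jump target consistent.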