From owner-freebsd-ipfw@FreeBSD.ORG  Thu May 26 11:50:45 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7A53D16A421
	for <freebsd-ipfw@freebsd.org>; Thu, 26 May 2005 11:50:45 +0000 (GMT)
	(envelope-from richardtector@thekeelecentre.com)
Received: from mx0.thekeelecentre.com (mx0.thekeelecentre.com
	[217.206.238.167])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 17D4743D1F
	for <freebsd-ipfw@freebsd.org>; Thu, 26 May 2005 11:50:44 +0000 (GMT)
	(envelope-from richardtector@thekeelecentre.com)
Received: from av.mx0.thekeelecentre.com (av.mx0.thekeelecentre.com
	[217.206.238.166])
	by mx0.thekeelecentre.com (Postfix) with ESMTP id 66DAD418C;
	Thu, 26 May 2005 12:22:03 +0100 (BST)
Received: from mx0.thekeelecentre.com ([217.206.238.167])
	by av.mx0.thekeelecentre.com (av.mx0.thekeelecentre.com
	[217.206.238.166]) (amavisd-new, port 10024)
	with ESMTP id 24305-06; Thu, 26 May 2005 12:22:03 +0100 (BST)
Received: from [217.206.238.190] (host-190.thekeelecentre.com
	[217.206.238.190])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx0.thekeelecentre.com (Postfix) with ESMTP id 1580F4099;
	Thu, 26 May 2005 12:21:52 +0100 (BST)
Message-ID: <4295B14B.2010302@thekeelecentre.com>
Date: Thu, 26 May 2005 12:21:47 +0100
From: Richard Tector <richardtector@thekeelecentre.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7.3) Gecko/20040910
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: Max Laier <max@love2party.net>
References: <200505251634.34478.max@love2party.net>
In-Reply-To: <200505251634.34478.max@love2party.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at mx0.thekeelecentre.com
Cc: freebsd-ipfw@freebsd.org
Subject: Re: [PATCH] ipv4 only rules (test and feedback)
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2005 11:50:45 -0000

Max Laier wrote:

>With the patch attached you can now do:
>  
>  ipfw add 100 deny ipv4 from any to any
>or
>  ipfw add 100 deny ipv6 from any to any
>
>to block IPv4 or IPv6.
>  
>

How would you, for example, deny all udp traffic over ipv4 but not ipv6? 
Is this possible with ipfw2 as it stands?

Kind regards,

Richard Tector
CAPL Limited