Date: Fri, 6 Jul 2001 15:59:10 +0200 From: "Niels Chr. Bank-Pedersen" <ncbp@bank-pedersen.dk> To: current@freebsd.org Subject: Re: ipfilter+ipv6 - what am I missing? Message-ID: <20010706155910.F770@bank-pedersen.dk> In-Reply-To: <20010701213327.O17514@speedy.gsinet>; from Gerhard.Sittig@gmx.net on Sun, Jul 01, 2001 at 09:33:27PM %2B0200 References: <20010701142120.C770@bank-pedersen.dk> <005701c10256$d5361960$6503c23f@XGforce.com> <20010701213327.O17514@speedy.gsinet>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 01, 2001 at 09:33:27PM +0200, Gerhard Sittig wrote: > On Sun, Jul 01, 2001 at 10:54 -0700, matt wrote: > > > > I don't think ipf is complete in its ipv6 support yet.You can > > use ipfw instead. > > Ipf has been supporting IPv6 for quite some time. It's just that > one has to enable this support in the Makefile. > > $ grep INET6 contrib/ipfilter/Makefile > #INET6=-DUSE_INET6 > MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(INET6)' \ > [ ... ] Thanks for the pointer - hadn't seen that (makes me wonder if we need a general ipv6 switch in /etc/defaults/make.conf?). Unfortunately I still can't convince ifilter to notice/block ipv6 packets :-( > And ISTR that one has to add "-6" to the ipf(8) invocation > options (like, in /etc/rc.conf). Yup, went there, did that - the following is taken from an ipv6 telnet session going throug the firewall (after make world with INET6=-DUSE_INET6): bm# ipfstat -6io block out quick on xl0 from any to any block out quick on vx0 from any to any block in quick on xl0 from any to any block in quick on vx0 from any to any bm# ipfstat -6 IPv6 packets: in 0 out 0 [..] /Niels Chr. -- Niels Christian Bank-Pedersen, NCB1-RIPE. Network Manager, TDC, IP-section. "Hey, are any of you guys out there actually *using* RFC 2549?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010706155910.F770>