Date: Sun, 27 Apr 2008 19:40:37 +0100 From: Vince <jhary@unsane.co.uk> To: Kevin Oberman <oberman@es.net> Cc: net@freebsd.org Subject: Re: ipfw can't be disabled for IPv56 Message-ID: <4814C8A5.9070605@unsane.co.uk> In-Reply-To: <20080425211622.302CB45010@ptavv.es.net> References: <20080425211622.302CB45010@ptavv.es.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Kevin Oberman wrote:
>> Date: Fri, 25 Apr 2008 16:48:46 -0300
>> From: "Tobias P. Santos" <tobias@netconsultoria.com.br>
>>
>> Kevin Oberman wrote:
>>> Running 7-STABLE of April 10, if I disable the firewall ('sysctl
>>> net.inet.ip.fw.enable=0'), IPv4 traffic passes, but IPv6 will not. I had
>>> to add a "allow ip from any to any" rule to get IPv6 to work pass
>>> traffic. (Since I was accessing the system in question via IPv6, this
>>> was a bit annoying!)
>>>
>>> Am I missing anything? The rc.subr script for ipfw just sets the sysctl I
>>> did when it stops the firewall.
>>
<snip>
>> net.link.ether.ipfw: 0
>> net.inet6.ip6.fw.enable: 1 <------------ voila!!!
>> net.inet6.ip6.fw.debug: 1
<snip>
>
> Thanks! I need to file a PR to get that into the rc script. I should
> have looked for a inet6 specific sysctl for this.
Hate to say this but....
#
# $FreeBSD: src/etc/rc.d/ip6fw,v 1.9 2007/04/02 15:38:53 mtm Exp $
#
# PROVIDE: ip6fw
# REQUIRE: routing
# BEFORE: network_ipv6
# KEYWORD: nojail
. /etc/rc.subr
name="ip6fw"
rcvar=`set_rcvar ipv6_firewall`
start_cmd="ip6fw_start"
stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0"
required_modules="ipfw"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4814C8A5.9070605>