Date: Mon, 15 Oct 2001 00:52:37 +0200 From: =?iso-8859-1?Q?R=E9mi_Guyomarch?= <rguyom@pobox.com> To: freebsd-stable@FreeBSD.ORG Subject: Re: ipfilter ipv6 Message-ID: <20011015005237.D93723@diabolic-cow.chatgris.net> In-Reply-To: <20011015075708.B29012@aurema.com>; from vance@aurema.com on Mon, Oct 15, 2001 at 07:57:08AM %2B1000 References: <20011014232019.A29012@aurema.com> <20011014152203.O69352-100000@darkwing.turbo.net> <20011014201557.C93723@diabolic-cow.chatgris.net> <20011015075708.B29012@aurema.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 15, 2001 at 07:57:08AM +1000, Christopher Vance wrote: > On Sun, Oct 14, 2001 at 08:15:57PM +0200, Rémi Guyomarch wrote: > : On Sun, Oct 14, 2001 at 03:26:27PM +0200, Henrik Holmstam wrote: > : > On Sun, 14 Oct 2001, Christopher Vance wrote: > : > > : > > Is there any reason why FreeBSD ipfilter is compiled without ipv6? > : > > Does it not work, or is nobody FreeBSDish interested? > : > : I don't think IPFilter is IPv6-ready. There's some support but I don't > : think it's stable or tested enough at this point. I may be wrong. > > Is that a judgement made by ipfilter people on what it does on FreeBSD, > or by FreeBSD people on what ipfilter does/doesn't do? Neither :) I tested IPFilter 3.4.x against IPv6 sometimes ago on OpenBSD and it wasn't ready. Situation might have evolved, this is why I wrote "I may be wrong". > I was looking for ways to filter tcp and udp traffic by their ip6 > addresses. ipf filtering gif/stf traffic by where the tunnel came > from is not what I meant, since that's only filtering protocol 41 (or > whatever) as ip4 traffic, with no understanding of ip6 addressing. Exactly. > It looks to me that the default compile of ipfilter on FreeBSD 4-S > turns off the -6 option and the USE_INET6 cpp define, and removes > mention of -6 from the manual pages. Seems like someone went to some > effort to remove it, and I was wondering why, and whether it was > easier to put back in. Well, there's one thing to consider : the FreeBSD commiter of IPFilter is IPFilter's author itself, Darren Reed. And it seems he choose to not enable IPv6 filtering. He should have good reasons to do so. But you could add the right define in a few Makefiles, recompile everything and test yourself :) -- Rémi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011015005237.D93723>