Date: Tue, 13 Oct 2015 12:59:48 -0400 From: David Mehler <dave.mehler@gmail.com> To: Kristof Provost <kp@freebsd.org> Cc: freebsd-pf@freebsd.org Subject: Re: Rules sanity check Message-ID: <CAPORhP6kQgeutnUnRwbRY==H34NsiBEecOzOvckqz-_c-gd=wA@mail.gmail.com> In-Reply-To: <B32C77D5-AE6C-471F-8427-B581E80C6748@FreeBSD.org> References: <CAPORhP7GxqYGmzk1ZT7sAzMMze3CEwkWUCC2zDWRLNJZC=RH9Q@mail.gmail.com> <B32C77D5-AE6C-471F-8427-B581E80C6748@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Thanks. How do I get icmpv6 going? That is certainly a problem I'm having. Thanks. Dave. On 10/13/15, Kristof Provost <kp@freebsd.org> wrote: > >> On 13 Oct 2015, at 05:51, David Mehler <dave.mehler@gmail.com> wrote: >> Some things I know definitely aren't working is the ipv6 allowing of >> ssh and http, ipv6 ping doesn't work gives a udp error, ftp from the >> machine the data connection doesn't come through, i'm assuming i'll >> have that same problem when I set up a jailed ftp server as well. >> > You really, really want to allow ICMPv6. Without ICMPv6 critical things > like path MTU (remember, there=E2=80=99s no router fragmentation in IPv6,= you > *need* path MTU discovery) and router advertisements. > > It=E2=80=99s still possible to filter out undesirable ICMPv6 types, but I= =E2=80=99d start > out just allowing everything. > > I=E2=80=99ve not looked at the rest of it in any depth, but the ICMPv6 th= ing > probably > explains all of the IPv6 issues you=E2=80=99ve had. > > Regards, > Kristof > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPORhP6kQgeutnUnRwbRY==H34NsiBEecOzOvckqz-_c-gd=wA>