From owner-freebsd-security Wed Feb 28 7:45:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.com (gw.nectar.com [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 6454237B719; Wed, 28 Feb 2001 07:45:06 -0800 (PST) (envelope-from nectar@nectar.com) Received: from hamlet.nectar.com (hamlet.nectar.com [10.0.1.102]) by gw.nectar.com (Postfix) with ESMTP id 4C6E718C91; Wed, 28 Feb 2001 09:45:05 -0600 (CST) Received: (from nectar@localhost) by hamlet.nectar.com (8.11.2/8.9.3) id f1SFj5608424; Wed, 28 Feb 2001 09:45:05 -0600 (CST) (envelope-from nectar@spawn.nectar.com) Date: Wed, 28 Feb 2001 09:45:04 -0600 From: "Jacques A. Vidrine" To: Hajimu UMEMOTO Cc: Arjan.deVet@adv.iae.nl, rasputin@FreeBSD-uk.eu.org, stable@freebsd.org, freebsd-security@freebsd.org, darrenr@freebsd.org Subject: IPFILTER IPv6 support non-functional? (was Re: IPF and IPv6) Message-ID: <20010228094504.A56540@hamlet.nectar.com> Mail-Followup-To: "Jacques A. Vidrine" , Hajimu UMEMOTO , Arjan.deVet@adv.iae.nl, rasputin@FreeBSD-uk.eu.org, stable@freebsd.org, freebsd-security@freebsd.org, darrenr@freebsd.org References: <20010227152544.A69259@dogma.freebsd-uk.eu.org> <20010227210734.A27354@adv.devet.org> <20010228.185102.92589032.ume@imasy.or.jp> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010228.185102.92589032.ume@imasy.or.jp>; from ume@imasy.or.jp on Wed, Feb 28, 2001 at 06:51:02PM +0900 X-Url: http://www.nectar.com/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Feb 28, 2001 at 06:51:02PM +0900, Hajimu UMEMOTO wrote: > >>>>> On Tue, 27 Feb 2001 21:07:34 +0100 > >>>>> Arjan de Vet said: > > >In article <20010227152544.A69259@dogma.freebsd-uk.eu.org> you write: > > >Turning off ipf starts the traffic flowing instantly, so it's definitely > >the cause, as does: > > > IP-filter does not yet support IPv6 on -stable, see > > http://www.FreeBSD.org/cgi/query-pr.cgi?pr=25403 > > I heared from KAME guys that even though IP-filter has IPv6 code, it > doesn't work with IPv6 at all. It is not only for FreeBSD but also > NetBSD. Can someone confirm whether or not IPv6 rulesets work with IPFILTER on FreeBSD? I don't have an environment to test this at the moment, but I'm pretty sure this worked previously. By the way, if you are loading IPv4 and IPv6 rulesets, I think you must do something like this: % ipf -I -Fa % ipf -I -f /etc/ipf.conf # IPv4 rules % ipf -I -6 -f /etc/ipf6.conf # IPv6 rules % ipf -s I'd like to know before I MFC -DUSE_INET6 for the utilities. Cheers, -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message