Date:      Wed, 22 Jul 2009 10:20:50 +0200
From:      Willem Jan Withagen <wjw@digiware.nl>
To:        net@freebsd.org
Subject:   IPv6 and ipfw
Message-ID:  <4A66CBE2.6050606@digiware.nl>

Hi,

Running 7.2 I tried to insert this into my IPFW rules

# ipfw add allow udp from any to 2001:xxx:3::113,2001:xxxx:3::116 \
	dst-port 10001-10100 keep-state
ipfw: bad netmask ``xxxx:3::113''

also:
# ipfw add allow udp from any to trixbox.ip6 dst-port 10001-10100 keep-state
ipfw: hostname ``trixbox.ip6'' unknown
Exit 68
# host trixbox.ip6
trixbox.ip6.digiware.nl has IPv6 address 2001:4cb8:3::116

So it looks like what is in the manual is overly optimistic:
----
      addr6-list: ip6-addr[,addr6-list]

      ip6-addr:
              A host or subnet specified one of the following ways:

              numeric-ip | hostname
                      Matches a single IPv6 address as allowed by inet_pton(3)
                      or a hostname.  Hostnames are resolved at the time the
                      rule is added to the firewall list.

              addr/masklen
                      Matches all IPv6 addresses with base addr (specified as
                      allowed by inet_pton or a hostname) and mask width of
                      masklen bits.

              No support for sets of IPv6 addresses is provided because IPv6
              addresses are typically random past the initial prefix.
----

Has anybody else run into this?
Or should I file this as a PR?

--WjW
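
The grammar quoted from the manual above, as an added Python example that is not part of the original message or of ipfw: it parses an addr6-list the way the text describes (numeric address per inet_pton, hostname, or addr/masklen) and checks addresses against the result. The `resolve` hook, the host name `trixbox.example` and the 2001:db8:: addresses are constructed so that it runs offline.

```python
import socket

# Constructed sample data: host name and 2001:db8::/32 documentation addresses.
CONSTRUCTED_HOSTS = {"trixbox.example": "2001:db8:3::116"}

def _pack(addr, resolve):
    """Numeric address as accepted by inet_pton, else a resolved hostname."""
    try:
        return socket.inet_pton(socket.AF_INET6, addr)
    except (OSError, ValueError):
        pass
    resolved = resolve(addr) if resolve else None
    if resolved is None:
        raise ValueError("hostname %r unknown" % addr)
    return socket.inet_pton(socket.AF_INET6, resolved)

def parse_addr6_list(spec, resolve=CONSTRUCTED_HOSTS.get):
    """Parse 'ip6-addr[,addr6-list]' into (address_as_int, masklen) pairs.

    `resolve` is a hypothetical hook (hostname -> IPv6 string or None) that
    stands in for the resolver lookup done when a rule is added.
    """
    entries = []
    for item in spec.split(","):
        addr, slash, masklen = item.strip().partition("/")
        if not addr:
            raise ValueError("empty entry in %r" % spec)
        width = 128  # a bare address is a single host
        if slash:
            if not (masklen.isascii() and masklen.isdigit()) or int(masklen) > 128:
                raise ValueError("bad masklen in %r" % item)
            width = int(masklen)
        entries.append((int.from_bytes(_pack(addr, resolve), "big"), width))
    return entries

def matches(entries, address):
    """True if `address` falls under any entry's base address and mask width."""
    target = int.from_bytes(socket.inet_pton(socket.AF_INET6, address), "big")
    for base, width in entries:
        mask = ((1 << width) - 1) << (128 - width)
        if (base ^ target) & mask == 0:
            return True
    return False
```

A list that parses cleanly here is well-formed under the quoted grammar, which helps separate a malformed rule from a parser limitation in the ipfw binary.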


