From: Gaël Roualland
Date: Sun, 27 Nov 2005 02:15:05 +0100
To: Hajimu UMEMOTO
Cc: freebsd-ipfw@freebsd.org, FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4 on 6.0-RELEASE

Hajimu UMEMOTO wrote:
> gael> It does work, at least IPv6-over-IPv4 packets are not blocked, but ipfw
> gael> list/show reports the rule as "allow ip from a.b.c.d to me" and it does
> gael> filter it that way, opening a lot more than just protocol 41...
>
> Umm, 41 is treated as ipv6, internally.  With following patch,
>
>     allow ip from a.b.c.d to me proto 41
>
> should work for workaround.  However, it is still incomplete, and
> `ipfw show' shows
>
>     allow ip from any to any proto ipv6
>
> Apart from this limitation, it seems working to me here.

I applied the patch, and 'show' was fine (except for ipv6 instead of
41), but it did break my other rules... Looks like "allow ip from any to
any" doesn't match anything anymore...

Gaël.

-- 
Gaël Roualland -+- gael.roualland@dial.oleane.com