From owner-freebsd-ipfw@FreeBSD.ORG  Sun Jun 15 20:14:03 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 850DF106566B
	for <freebsd-ipfw@freebsd.org>; Sun, 15 Jun 2008 20:14:03 +0000 (UTC)
	(envelope-from fabian@wenks.ch)
Received: from batman.home4u.ch (6to4.home4u.ch [IPv6:2002:d908:d3e2::1])
	by mx1.freebsd.org (Postfix) with ESMTP id F20EE8FC23
	for <freebsd-ipfw@freebsd.org>; Sun, 15 Jun 2008 20:14:02 +0000 (UTC)
	(envelope-from fabian@wenks.ch)
Received: from flashback.wenks.ch (flashback.wenks.ch [62.2.85.181])
	(authenticated bits=0)
	by batman.home4u.ch (8.13.1/8.13.1) with ESMTP id m5FKDwGh010056
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-ipfw@freebsd.org>; Sun, 15 Jun 2008 22:14:00 +0200 (CEST)
	(envelope-from fabian@wenks.ch)
Message-ID: <48557801.5020203@wenks.ch>
Date: Sun, 15 Jun 2008 22:13:53 +0200
From: Fabian Wenk <fabian@wenks.ch>
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
References: <285153.62730.qm@web52505.mail.re2.yahoo.com>
In-Reply-To: <285153.62730.qm@web52505.mail.re2.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
Subject: Re: About IPFW for IPv6
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jun 2008 20:14:03 -0000

Hello Edwin

On 14.06.08 04:27, Edwin Sanjoto wrote:
> Do you know how to set firewall for IPv6 using IPFW?

Just use ipfw the same like for IPv4, then since FreeBSD 6.x it 
does also support IPv6. If you still have an older version of 
FreeBSD, use ip6fw.


bye
Fabian

From owner-freebsd-ipfw@FreeBSD.ORG  Sun Jun 15 20:43:33 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1DD311065673
	for <freebsd-ipfw@freebsd.org>; Sun, 15 Jun 2008 20:43:33 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from outB.internet-mail-service.net (outb.internet-mail-service.net
	[216.240.47.225])
	by mx1.freebsd.org (Postfix) with ESMTP id 0962A8FC13
	for <freebsd-ipfw@freebsd.org>; Sun, 15 Jun 2008 20:43:32 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from idiom.com (mx0.idiom.com [216.240.32.160])
	by out.internet-mail-service.net (Postfix) with ESMTP id E87E52443;
	Sun, 15 Jun 2008 13:43:32 -0700 (PDT)
Received: from julian-mac.elischer.org (localhost [127.0.0.1])
	by idiom.com (Postfix) with ESMTP id 947572D6016;
	Sun, 15 Jun 2008 13:43:32 -0700 (PDT)
Message-ID: <48557EF6.3060509@elischer.org>
Date: Sun, 15 Jun 2008 13:43:34 -0700
From: Julian Elischer <julian@elischer.org>
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421)
MIME-Version: 1.0
To: Fabian Wenk <fabian@wenks.ch>
References: <285153.62730.qm@web52505.mail.re2.yahoo.com>
	<48557801.5020203@wenks.ch>
In-Reply-To: <48557801.5020203@wenks.ch>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org
Subject: Re: About IPFW for IPv6
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jun 2008 20:43:33 -0000

Fabian Wenk wrote:
> Hello Edwin
> 
> On 14.06.08 04:27, Edwin Sanjoto wrote:
>> Do you know how to set firewall for IPv6 using IPFW?
> 
> Just use ipfw the same like for IPv4, then since FreeBSD 6.x it does 
> also support IPv6. If you still have an older version of FreeBSD, use 
> ip6fw.
> 

there are some features that are not yet suported.. (e.g. tables and 
fwd I believe)

> 
> bye
> Fabian
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"


From owner-freebsd-ipfw@FreeBSD.ORG  Mon Jun 16 11:06:57 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7542F1065673
	for <freebsd-ipfw@FreeBSD.org>; Mon, 16 Jun 2008 11:06:57 +0000 (UTC)
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 653A98FC1E
	for <freebsd-ipfw@FreeBSD.org>; Mon, 16 Jun 2008 11:06:57 +0000 (UTC)
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m5GB6vOo036744
	for <freebsd-ipfw@FreeBSD.org>; Mon, 16 Jun 2008 11:06:57 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m5GB6uEg036740
	for freebsd-ipfw@FreeBSD.org; Mon, 16 Jun 2008 11:06:56 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 16 Jun 2008 11:06:56 GMT
Message-Id: <200806161106.m5GB6uEg036740@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
	owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@FreeBSD.org>
To: freebsd-ipfw@FreeBSD.org
Cc: 
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jun 2008 11:06:57 -0000

Current FreeBSD problem reports
Critical problems
Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent 
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw       [ipfw] ipfw pipe lost packets
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to 
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/106534  ipfw       [ipfw] [panic] ipfw + dummynet
o kern/112708  ipfw       [ipfw] ipfw is seems to be broken to limit number of c
o kern/117234  ipfw       [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s
o kern/118993  ipfw       [ipfw] page fault - probably it's a locking problem
o conf/123119  ipfw       [patch] rc script for ipfw does not handle IPv6

16 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
s kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/105330  ipfw       [ipfw] [patch] ipfw (dummynet) does not allow to set q
o kern/107305  ipfw       [ipfw] ipfw fwd doesn't seem to work
o kern/111713  ipfw       [dummynet] [request] Too few dummynet queue slots
o kern/112561  ipfw       [ipfw] ipfw fwd does not work with some TCP packets
p kern/113388  ipfw       [ipfw][patch] Addition actions with rules within speci
o docs/113803  ipfw       [patch] ipfw(8) - don't get bitten by the fwd rule
o bin/115172   ipfw       [patch] ipfw(8) list show some rules with a wrong form
p kern/115755  ipfw       [ipfw][patch] unify message and add a rule number wher
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o kern/121122  ipfw       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/121382  ipfw       [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip

30 problems total.


From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 17 03:22:42 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E1C731065674
	for <freebsd-ipfw@freebsd.org>; Tue, 17 Jun 2008 03:22:42 +0000 (UTC)
	(envelope-from berlowin@yahoo.com)
Received: from web52504.mail.re2.yahoo.com (web52504.mail.re2.yahoo.com
	[206.190.48.187])
	by mx1.freebsd.org (Postfix) with SMTP id 7C94A8FC0A
	for <freebsd-ipfw@freebsd.org>; Tue, 17 Jun 2008 03:22:42 +0000 (UTC)
	(envelope-from berlowin@yahoo.com)
Received: (qmail 71359 invoked by uid 60001); 17 Jun 2008 03:22:41 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
	b=JjJoQo8WgIfqvXQRQ9ZJbkRmL1fvR5s2MP7lrnj9OJKWJgpItnFQILD3l/szyhNQ/vigJzEyZ/AoyYnDWmsLiqkooNO2n1CxhjTFhPZdNLnvfEg7yb4YaxhHpZNula9/jAycTt15KbpJaIvWX4FT+48Si84rWNX4Dck3e1U2q9g=;
Received: from [118.136.65.158] by web52504.mail.re2.yahoo.com via HTTP;
	Mon, 16 Jun 2008 20:22:40 PDT
X-Mailer: YahooMailRC/975.45 YahooMailWebService/0.7.199
Date: Mon, 16 Jun 2008 20:22:40 -0700 (PDT)
From: Edwin Sanjoto <berlowin@yahoo.com>
To: freebsd-ipfw@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <33331.70286.qm@web52504.mail.re2.yahoo.com>
Subject: Re: freebsd-ipfw Digest, Vol 270, Issue 1
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2008 03:22:43 -0000

>Just use ipfw the same like for IPv4, then since FreeBSD 6.x it 
>does also support IPv6. If you still have an older version of 
>FreeBSD, use ip6fw.


>bye
>Fabian

Hmm I have already used it as IPv4 firewall but it didn't work. are icmptypes for ipv6 different from ipv4? i just want to block any echo request to my computer from ipv6 network.

This is my Rule:
$cmd 00501 allow ipv6-icmp from $net to me in icmptypes 136 via $int
$cmd 00502 deny ipv6-icmp from any to me in icmptypes 136 via $int


      

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 17 03:24:21 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D99BD1065674
	for <freebsd-ipfw@freebsd.org>; Tue, 17 Jun 2008 03:24:21 +0000 (UTC)
	(envelope-from berlowin@yahoo.com)
Received: from web52504.mail.re2.yahoo.com (web52504.mail.re2.yahoo.com
	[206.190.48.187])
	by mx1.freebsd.org (Postfix) with SMTP id 74C168FC0C
	for <freebsd-ipfw@freebsd.org>; Tue, 17 Jun 2008 03:24:21 +0000 (UTC)
	(envelope-from berlowin@yahoo.com)
Received: (qmail 72511 invoked by uid 60001); 17 Jun 2008 03:24:21 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
	b=UGJwejxsgW/rgZUk3ObOoE6lmyQbcmslIlvay15lvY4OL3R3UULnUgvPc3fGaa5JhQl6iOEI5XBMiqFGL/pfkWpfCKkn+QudsNtUqvApzegSwrLXR8wRRPYxYr23fxjS9F3cBhFWG1Ygl9HwhFeBJDD6D6DEouGQt3boYQJs7to=;
Received: from [118.136.65.158] by web52504.mail.re2.yahoo.com via HTTP;
	Mon, 16 Jun 2008 20:24:20 PDT
X-Mailer: YahooMailRC/975.45 YahooMailWebService/0.7.199
Date: Mon, 16 Jun 2008 20:24:20 -0700 (PDT)
From: Edwin Sanjoto <berlowin@yahoo.com>
To: freebsd-ipfw@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <8260.72112.qm@web52504.mail.re2.yahoo.com>
Subject: Replied to Fabian and Others about ip6fw
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2008 03:24:21 -0000


Hmm I have already used it as IPv4 firewall but it didn't work. are
icmptypes for ipv6 different from ipv4? i just want to block any echo
request to my computer from ipv6 network.

This is my Rule:
$cmd 00501 allow ipv6-icmp from $net to me in icmptypes 136 via $int
$cmd 00502 deny ipv6-icmp from any to me in icmptypes 136 via $int


 
Regards,

EDWIN Sanyoto
(berlowin@yahoo.com)



      

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 17 06:52:40 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 017DA106566B
	for <freebsd-ipfw@freebsd.org>; Tue, 17 Jun 2008 06:52:40 +0000 (UTC)
	(envelope-from ygsoccer@biolabinc.com)
Received: from athedsl-183459.home.otenet.gr (athedsl-183459.home.otenet.gr
	[85.74.36.65]) by mx1.freebsd.org (Postfix) with SMTP id 2DA058FC17
	for <freebsd-ipfw@freebsd.org>; Tue, 17 Jun 2008 06:52:38 +0000 (UTC)
	(envelope-from ygsoccer@biolabinc.com)
Received: (qmail 27309 invoked from network); Tue, 17 Jun 2008 22:04:41 +0300
Received: from unknown (HELO vrq) (82.128.59.108)
	by athedsl-183459.home.otenet.gr with SMTP;
	Tue, 17 Jun 2008 22:04:41 +0300
Message-ID: <48580AC9.7000705@rohmhaas.com>
Date: Tue, 17 Jun 2008 22:04:41 +0300
From: <ygsoccer@biolabinc.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Pick up ,the po"hne and"  do it
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2008 06:52:40 -0000

As expecetd.

Com"-pany: Angstrom Micro-systems
T.ciker : agms.o.b
Suggested:, Buy/hold,
Sleling: .40
High Tradnig: 331,485

At'fer the great nwes last week, volume d_ tr'aded hit 331,485.

Mo re events will unfold", coim'ng into its own Ans-gtr,om is the one to
watch._

The price is sitll low, move fast b"uy amgs frist' .Tuedsay m.orning.


From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jun 18 06:01:14 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3E999106566C;
	Wed, 18 Jun 2008 06:01:14 +0000 (UTC)
	(envelope-from dwmalone@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id D14578FC15;
	Wed, 18 Jun 2008 06:01:13 +0000 (UTC)
	(envelope-from dwmalone@FreeBSD.org)
Received: from freefall.freebsd.org (dwmalone@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m5I61Dr2054198;
	Wed, 18 Jun 2008 06:01:13 GMT
	(envelope-from dwmalone@freefall.freebsd.org)
Received: (from dwmalone@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m5I61DWW054194;
	Wed, 18 Jun 2008 06:01:13 GMT (envelope-from dwmalone)
Date: Wed, 18 Jun 2008 06:01:13 GMT
Message-Id: <200806180601.m5I61DWW054194@freefall.freebsd.org>
To: goffredo@gmail.com, dwmalone@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: dwmalone@FreeBSD.org
Cc: 
Subject: Re: kern/111713: [dummynet] [request] Too few dummynet queue slots
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2008 06:01:14 -0000

Synopsis: [dummynet] [request] Too few dummynet queue slots

State-Changed-From-To: open->closed
State-Changed-By: dwmalone
State-Changed-When: Wed Jun 18 06:00:48 UTC 2008
State-Changed-Why: 
Closed at submitter's request as a suitable feature now exists.

	David.

http://www.freebsd.org/cgi/query-pr.cgi?pr=111713

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jun 18 14:02:42 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9D7191065671
	for <freebsd-ipfw@freebsd.org>; Wed, 18 Jun 2008 14:02:42 +0000 (UTC)
	(envelope-from raffaele.delorenzo@libero.it)
Received: from aa011msr.fastwebnet.it (aa011msr.fastwebnet.it [85.18.95.71])
	by mx1.freebsd.org (Postfix) with ESMTP id 2F6088FC17
	for <freebsd-ipfw@freebsd.org>; Wed, 18 Jun 2008 14:02:41 +0000 (UTC)
	(envelope-from raffaele.delorenzo@libero.it)
Received: from [192.9.244.22] (85.18.71.242) by aa011msr.fastwebnet.it
	(8.0.013.5) id 483216FE03BD8B6B for freebsd-ipfw@freebsd.org;
	Wed, 18 Jun 2008 15:51:08 +0200
Message-ID: <485912CC.4070707@libero.it>
Date: Wed, 18 Jun 2008 15:51:08 +0200
From: Raffaele De Lorenzo <raffaele.delorenzo@libero.it>
User-Agent: Thunderbird 2.0.0.12 (X11/20080403)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
References: <33331.70286.qm@web52504.mail.re2.yahoo.com>
In-Reply-To: <33331.70286.qm@web52504.mail.re2.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: freebsd-ipfw Digest, Vol 270, Issue 1
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2008 14:02:42 -0000

Hi,
I see From [RFC4861] the icmpv6 type 136 is still used for "Neighbor
Advertisement" messagges

136  Neighbor Advertisement                           [RFC4861]

You must modify your ipfw IPv6 rules... see this URL for all informations:

http://www.iana.org/assignments/icmpv6-parameters

Anyway the "echo request" message type is 128 and the "echo reply"
message type is 129.



Cheers

Raffaele



Edwin Sanjoto wrote:
>> Just use ipfw the same like for IPv4, then since FreeBSD 6.x it 
>> does also support IPv6. If you still have an older version of 
>> FreeBSD, use ip6fw.
>>     
>
>
>   
>> bye
>> Fabian
>>     
>
> Hmm I have already used it as IPv4 firewall but it didn't work. are icmptypes for ipv6 different from ipv4? i just want to block any echo request to my computer from ipv6 network.
>
> This is my Rule:
> $cmd 00501 allow ipv6-icmp from $net to me in icmptypes 136 via $int
> $cmd 00502 deny ipv6-icmp from any to me in icmptypes 136 via $int
>
>
>       
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>
>   







From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jun 18 15:13:27 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4536E106567B
	for <freebsd-ipfw@freebsd.org>; Wed, 18 Jun 2008 15:13:27 +0000 (UTC)
	(envelope-from raffaele.delorenzo@libero.it)
Received: from zmail.grupposervizi.it (mail1.tagetik.com [85.18.71.243])
	by mx1.freebsd.org (Postfix) with ESMTP id E7ABD8FC16
	for <freebsd-ipfw@freebsd.org>; Wed, 18 Jun 2008 15:13:26 +0000 (UTC)
	(envelope-from raffaele.delorenzo@libero.it)
Received: from localhost (mail1.tagetik.com [127.0.0.1])
	by zmail.grupposervizi.it (Postfix) with ESMTP id D384A25C0001;
	Tue, 17 Jun 2008 09:37:19 +0200 (CEST)
X-Virus-Scanned: amavisd-new at 
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level: 
X-Spam-Status: No, score=-4.399 tagged_above=-10 required=5
	tests=[ALL_TRUSTED=-1.8, AWL=0.000, BAYES_00=-2.599]
Received: from zmail.grupposervizi.it ([127.0.0.1])
	by localhost (zmail.grupposervizi.it [127.0.0.1]) (amavisd-new,
	port 10024)
	with ESMTP id NfRbo5ph7K5h; Tue, 17 Jun 2008 09:37:19 +0200 (CEST)
Received: from noel.grupposervizi.it (unknown [192.9.244.22])
	by zmail.grupposervizi.it (Postfix) with ESMTP id F0B2825C0004;
	Tue, 17 Jun 2008 09:37:18 +0200 (CEST)
Message-ID: <485769AD.3030705@libero.it>
Date: Tue, 17 Jun 2008 09:37:17 +0200
From: Raffaele De Lorenzo <raffaele.delorenzo@libero.it>
User-Agent: Thunderbird 2.0.0.12 (X11/20080403)
MIME-Version: 1.0
To: Edwin Sanjoto <berlowin@yahoo.com>
References: <33331.70286.qm@web52504.mail.re2.yahoo.com>
In-Reply-To: <33331.70286.qm@web52504.mail.re2.yahoo.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org
Subject: Re: freebsd-ipfw Digest, Vol 270, Issue 1
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2008 15:13:27 -0000

Hi,
I see From [RFC4861] the icmpv6 type 136 is still used for "Neighbor 
Advertisement" messagges

136  Neighbor Advertisement                           [RFC4861]

You must modify your ipfw IPv6 rules... see this URL for all informations:

http://www.iana.org/assignments/icmpv6-parameters

Anyway the "echo request" message type is 128 and the "echo reply" message type is 129.



Cheers

Raffaele



Edwin Sanjoto wrote:
>> Just use ipfw the same like for IPv4, then since FreeBSD 6.x it 
>> does also support IPv6. If you still have an older version of 
>> FreeBSD, use ip6fw.
>>     
>
>
>   
>> bye
>> Fabian
>>     
>
> Hmm I have already used it as IPv4 firewall but it didn't work. are icmptypes for ipv6 different from ipv4? i just want to block any echo request to my computer from ipv6 network.
>
> This is my Rule:
> $cmd 00501 allow ipv6-icmp from $net to me in icmptypes 136 via $int
> $cmd 00502 deny ipv6-icmp from any to me in icmptypes 136 via $int
>
>
>       
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>
>   


From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jun 18 19:26:36 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 44B021065681
	for <freebsd-ipfw@freebsd.org>; Wed, 18 Jun 2008 19:26:36 +0000 (UTC)
	(envelope-from fabian@wenks.ch)
Received: from batman.home4u.ch (6to4.home4u.ch [IPv6:2002:d908:d3e2::1])
	by mx1.freebsd.org (Postfix) with ESMTP id A60CE8FC29
	for <freebsd-ipfw@freebsd.org>; Wed, 18 Jun 2008 19:26:34 +0000 (UTC)
	(envelope-from fabian@wenks.ch)
Received: from flashback.wenks.ch (flashback.wenks.ch [62.2.85.181])
	(authenticated bits=0)
	by batman.home4u.ch (8.13.1/8.13.1) with ESMTP id m5IJQVnM037125
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-ipfw@freebsd.org>; Wed, 18 Jun 2008 21:26:32 +0200 (CEST)
	(envelope-from fabian@wenks.ch)
Message-ID: <48596162.6060809@wenks.ch>
Date: Wed, 18 Jun 2008 21:26:26 +0200
From: Fabian Wenk <fabian@wenks.ch>
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
References: <285153.62730.qm@web52505.mail.re2.yahoo.com>	<48557801.5020203@wenks.ch>
	<48557EF6.3060509@elischer.org>
In-Reply-To: <48557EF6.3060509@elischer.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
Subject: Re: About IPFW for IPv6
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2008 19:26:36 -0000

Hello Julian

On 15.06.08 22:43, Julian Elischer wrote:
> Fabian Wenk wrote:

>> Just use ipfw the same like for IPv4, then since FreeBSD 6.x it does 
>> also support IPv6. If you still have an older version of FreeBSD, use 
>> ip6fw.
>> 
> 
> there are some features that are not yet suported.. (e.g. tables and 
> fwd I believe)

I do not know about tables, but fwd sure is brocken and acting 
strange, see PR 117214 [1].

   [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=117214


bye
Fabian

From owner-freebsd-ipfw@FreeBSD.ORG  Sat Jun 21 10:31:13 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C2D52106564A
	for <freebsd-ipfw@freebsd.org>; Sat, 21 Jun 2008 10:31:13 +0000 (UTC)
	(envelope-from raffaele.delorenzo@libero.it)
Received: from cp-out8.libero.it (cp-out8.libero.it [212.52.84.108])
	by mx1.freebsd.org (Postfix) with ESMTP id 506B98FC13
	for <freebsd-ipfw@freebsd.org>; Sat, 21 Jun 2008 10:31:13 +0000 (UTC)
	(envelope-from raffaele.delorenzo@libero.it)
Received: from [10.0.0.20] (151.41.180.12) by cp-out8.libero.it (8.5.014)
	id 484D2FE801DCE692; Sat, 21 Jun 2008 12:20:05 +0200
Message-Id: <753F38D0-7643-4626-85B7-9557DFFDAC71@libero.it>
From: Raffaele De Lorenzo <raffaele.delorenzo@libero.it>
To: Edwin Sanjoto <berlowin@yahoo.com>
In-Reply-To: <7147.22159.qm@web52505.mail.re2.yahoo.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v924)
Date: Sat, 21 Jun 2008 12:19:13 +0200
References: <7147.22159.qm@web52505.mail.re2.yahoo.com>
X-Mailer: Apple Mail (2.924)
Cc: freebsd-ipfw@freebsd.org
Subject: Re: freebsd-ipfw Digest, Vol 270, Issue 1
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Jun 2008 10:31:13 -0000

The "Neighbor Advertisement" messages are used for routing purples by  
the Neighbor Discovery Protocol..
The standard SSH port is 22
The standard Telnet port is 23

(ipfw add deny tcp from XXX:XXX:XX to any dst-port 22,23 via YYY)
these rules refer to IPFW not IP6FW. You must use IPFW.

cheers

Raffaele


On 19/giu/08, at 04:04, Edwin Sanjoto wrote:

> Thanks Raffaele, It works...
>
> another question that i want to ask is, what is the using of  
> "Neighbor Advertisement" which is icmptypes 136?
>
> LAst question:
> I don't know the rules to block ssh and telnet. I've already done  
> this:
> $cmd6 00503 allow tcp from 2001::6:111 to any 22,23 in via ed0
> $cmd6 00504 deny tcp from any to any 22,23 in via ed0
>
>
> But after i display the ip6fw list, i didn't find the rules for  
> blocking ssh and telnet.
>
>
> Regards,
>
> EDWIN Sanyoto
> (berlowin@yahoo.com)
>
>
> ----- Original Message ----
> From: Raffaele De Lorenzo <raffaele.delorenzo@libero.it>
> To: Edwin Sanjoto <berlowin@yahoo.com>
> Cc: freebsd-ipfw@freebsd.org
> Sent: Tuesday, June 17, 2008 2:37:17 PM
> Subject: Re: freebsd-ipfw Digest, Vol 270, Issue 1
>
> Hi,
> I see From [RFC4861] the icmpv6 type 136 is still used for "Neighbor
> Advertisement" messagges
>
> 136  Neighbor Advertisement                           [RFC4861]
>
> You must modify your ipfw IPv6 rules... see this URL for all  
> informations:
>
> http://www.iana.org/assignments/icmpv6-parameters
>
> Anyway the "echo request" message type is 128 and the "echo reply"  
> message type is 129.
>
>
>
> Cheers
>
> Raffaele
>
>
>