From owner-freebsd-pf@freebsd.org  Tue Jun  4 19:59:17 2019
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 14E2915BC12F
 for <freebsd-pf@mailman.ysv.freebsd.org>; Tue,  4 Jun 2019 19:59:17 +0000 (UTC)
 (envelope-from dave.mehler@gmail.com)
Received: from mail-wm1-x335.google.com (mail-wm1-x335.google.com
 [IPv6:2a00:1450:4864:20::335])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8B6CC83F07;
 Tue,  4 Jun 2019 19:59:16 +0000 (UTC)
 (envelope-from dave.mehler@gmail.com)
Received: by mail-wm1-x335.google.com with SMTP id s3so4456wms.2;
 Tue, 04 Jun 2019 12:59:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=8j8Hk9LtLja4UzEZyVrnoHIsTlFilXA1dogoLdRLy1k=;
 b=DfDebDsCXkbVlGczUZHnUp6kXoXmeG0mC5wkMvhALG23wM0/1JhHUCv5XQNGtTzsx7
 Mgza42RxO++H9VS8PteVM855S+8uMdVv4mYeG648nT7hmY9WArf+T9iwl+NloiHvUcvQ
 7lMGAPNGAeQeXAwiGqmg8omRm8ZbfwZufdckmQD/UUhyalJrnfTBSUvr8N4bEO8tLmWL
 90i978YdaX/jwrBJP/TRl7xedjBQgyOyLHr/WwQWp6CamIrHTgGUJCada84mjbl6jEFH
 YMOAU2QJs4rtPcMaJujPiQ/tMz/RfFalFwV1SAJM9up4I746/ZcGZCdSHwvrj5r0tn4v
 xjZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=8j8Hk9LtLja4UzEZyVrnoHIsTlFilXA1dogoLdRLy1k=;
 b=mOL5TcGZB4pM504YRbpy2jF38QhNTXGEuAHrzzt23ekdN3x60JELPcqMrksOKWk3/2
 zULJCxliRkQC+Fw3Ouvp3DCbI4i+wtD9ejxmssuHpKSaOUY8fF11mbOsGiKf0sY0VQsO
 40Aej5s/lT8xMOXCR2oImxp4jX6sf17Ir1GhI+I1VRV6LMI/N6DtdMlMLG3gZvtvkIlU
 sxmk+P/qunfeIN67L5YAJsJKQDRCPpGXyKOrAJd1FThiKamA/DYuBgChDPzSn0L6jQ4R
 wAQxaQNa94oM/7nOaEDXAqdyeBSmE2jS/Qo8jt9SP/JyIVjF6P42OgCZOORvLbLxP7MK
 V/pQ==
X-Gm-Message-State: APjAAAU/RdEqULe4QvunxAndFmAd/ATITtDszagnE+2MbuvE4g1LVGGv
 86gTT5kpBozhNAhicgQmpQOmQ7chfkLzWXU66FUscfjV
X-Google-Smtp-Source: APXvYqyoWRbH+AL2fQyiyEWqhIL1QjYzJbfOxbReCQCFD7Ul3k7Cpo99RecnRkMO7Q5hewjtzWl55Bv2v+sv2UgE5rw=
X-Received: by 2002:a7b:cd84:: with SMTP id y4mr20119570wmj.41.1559678355009; 
 Tue, 04 Jun 2019 12:59:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:adf:a709:0:0:0:0:0 with HTTP;
 Tue, 4 Jun 2019 12:59:14 -0700 (PDT)
In-Reply-To: <20190604175445.GE5902@home.opsec.eu>
References: <CAPORhP5Mm49QPzBW7DgziS55EqeWSBDqn9vBkkeGpSdcsApUig@mail.gmail.com>
 <20190604175445.GE5902@home.opsec.eu>
From: David Mehler <dave.mehler@gmail.com>
Date: Tue, 4 Jun 2019 15:59:14 -0400
Message-ID: <CAPORhP4om1qan3W7kZN2sDjTygwexQyheQy3V3WzPhFEW9c_nA@mail.gmail.com>
Subject: Re: FreeBSD 12, pf, and Dual IP stack?
To: Kurt Jaeger <pi@freebsd.org>
Cc: freebsd-pf <freebsd-pf@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 8B6CC83F07
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-6.96 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[];
 NEURAL_HAM_SHORT(-0.96)[-0.958,0]; TAGGED_FROM(0.00)[]
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jun 2019 19:59:17 -0000

Hello Kurt,

Thank you for your reply.

Yes, an ifconfig on my vtnet0 interface does show the ipv6 address and
it has prefixlen 64 I'm assuming that's what your refering to? Can you
clarify your meaning about ipv6 aliases?

Thanks.
Dave.


On 6/4/19, Kurt Jaeger <pi@freebsd.org> wrote:
> Hi!
>
>> I'm running a vps running FreeBSD 12 with pf as firewall. I've got a
>> public ipv4 and a public ipv6 address, the latter is not going through
>> a tunnel broker.
>>
>> I can not wrap my head around ipv6 probably because I'm use to decimal
>> representations and ipv4 addressing. If anyone has a primer I would
>> welcome it.
>>
>> With regards ipv6 I don't know if my address gives me one address or a
>> range?
>
> It gives you one IPv6 address, not a range.
>
> But as the netmask is /64, you can add quite a few ipv6 interface
> aliases to play with.
>
>> If a range what I'm wanting to do is assign that range to jails
>> running on a cloned interface lo1 so that each of them can have their
>> own ipv6 as well as natted ipv4 addresses.
>
> Yes, that might work.
>
> --
> pi@opsec.eu            +49 171 3101372                    One year to go !
>