Date:      Wed, 29 Jul 2009 12:46:29 +0200
From:      Willem Jan Withagen <>
To:        Raffaele De Lorenzo <>
Subject:   Re: R: IPv6 and ipfw
Message-ID:  <>
In-Reply-To: <>
References:  <3164304.442981248256119643.JavaMail.defaultUser@defaultHost> <> <>

Raffaele De Lorenzo wrote:
> Hi all,
> I attached a patch that solves this problem. I will send a PR as soon as 
> possible.
> Instructions:
> Patch the following files:
> /usr/src/sbin/ipfw/ipfw2.c (patch is ipfw2.c.diff)
> /usr/src/sbin/ipfw/ipfw2.h (patch is ipfw2.h.diff)
> /usr/src/sbin/ipfw/ipv6.c (patch is ipv6.c.diff)
> This patch was tested on FreeBSD 8 Beta 2 AMD64 and official FreeBSD 8 
> BETA 2 Sources.
> Let me know any suggestion or problem.

Patch worked fine on 7.2-stable as well.
Multiple ipv6 addresses are now accepted in one go.

But it still does not really work as well as I would like ;):

ipfw add 11101 allow udp from any to,2001:dddd:c::67 dst-port 45457 keep-state
ipfw: bad netmask ``dddd:c::67''

Which from your comment seems correct:
+ * Pre-Check multi address rules to avoid parser confusion about IPv4/IPv6 
+ * XXX I assume the first know address is the reference address (You cannot 
use both IPv4/IPv6 addresses inside
+ * a multi-addresses rule).
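
Review bot: the XXX comment records a restriction (the first known address fixes the family, and IPv4 and IPv6 cannot be mixed in one multi-address rule) without saying what the user sees when an entry does not fit it. The reply above shows a multi-address rule ending in bad netmask ``dddd:c::67'', which does not point at the list itself. Suggest reporting the offending list entry with an explicit error, stating that behaviour in this comment, and correcting "know" to "known" in the second line.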

But looking at the code, why not first parse chunks separated by ',' and then 
test them for all possible variants, because as far as I understand there 
are no ','s allowed in the address spec.

Thanks for the work thus far,
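
The approach suggested in this message, split on ',' first and then test each chunk against every address form, as an added example (not code from the patch or from ipfw). It assumes each chunk is a plain `addr` or `addr/prefixlen`; `classify_chunk` and `classify_addr_list` are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Classify one chunk, "addr" or "addr/prefixlen" (assumed grammar); the
 * chunk is modified in place. Returns AF_INET, AF_INET6, or -1. */
static int classify_chunk(char *chunk)
{
    unsigned char bin[16];              /* large enough for an IPv6 address */
    char *end, *slash = strchr(chunk, '/');
    int family, maxlen;

    if (slash != NULL)
        *slash++ = '\0';
    /* Try every family on this chunk alone, not the first chunk's family. */
    if (inet_pton(AF_INET, chunk, bin) == 1) {
        family = AF_INET; maxlen = 32;
    } else if (inet_pton(AF_INET6, chunk, bin) == 1) {
        family = AF_INET6; maxlen = 128;
    } else
        return -1;
    /* A prefix length must be all digits and fit the address family. */
    if (slash != NULL && (*slash < '0' || *slash > '9' ||
        strtol(slash, &end, 10) > maxlen || *end != '\0'))
        return -1;
    return family;
}

/* Split on ',' first, then classify each chunk independently.
 * Returns the number of chunks, or -1 at the first invalid one. */
int classify_addr_list(const char *list, int *families, int max)
{
    char copy[512], *chunk, *next;
    int n = 0;

    if (strlen(list) >= sizeof(copy))
        return -1;
    strcpy(copy, list);
    for (chunk = copy; chunk != NULL; chunk = next) {
        if ((next = strchr(chunk, ',')) != NULL)
            *next++ = '\0';
        if (n == max || (families[n] = classify_chunk(chunk)) < 0)
            return -1;
        n++;
    }
    return n;
}
```

Because the family is decided per chunk, a caller can see exactly which entry is IPv4, IPv6 or invalid and report that entry, whatever policy it then applies to mixed lists.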

