Date: Thu, 09 Feb 2006 02:09:32 +0900 From: Hajimu UMEMOTO <ume@freebsd.org> To: Neal Nelson <nealie@kobudo.homeunix.net> Cc: freebsd-stable@freebsd.org Subject: Re: IPv6 and IPFW Message-ID: <ygek6c5ixpv.wl%ume@mahoroba.org> In-Reply-To: <5e9d9fe557ea6dedf8f173c257a0c7a9@kobudo.homeunix.net> References: <5e9d9fe557ea6dedf8f173c257a0c7a9@kobudo.homeunix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
>>>>> On Wed, 8 Feb 2006 14:32:03 +0100
>>>>> Neal Nelson <nealie@kobudo.homeunix.net> said:
nealie> I've been trying to set up IPv6 and without ipfw my tunnel seems to
nealie> work. However I cannot seem to setup ipfw to allow IPv6 to flow. Do I
nealie> need to use ip6fw or just ipfw as that seems to accept ip6 protocols.
nealie> If I need to use ip6fw then why does ipfw accept ip6 protocols?
nealie> I'm using -STABLE from yesterday.
The ipfw in 6-STABLE has an IPv6 awareness, but it is not enabled as
far as you use ipfw as a KLD module. If ipfw is compiled into kernel,
ipfw does filterling an IPv6 as well.
If you wish to enable an IPv6 support of ipfw as an KLD module, put
following lines into your /etc/make.conf and rebuild ipfw.ko:
.if ${.CURDIR} == "/usr/src/sys/modules/ipfw"
CFLAGS+= -DINET6
.endif
If you don't want to filter an IPv6 by ipfw, and want to filter an
IPv6 by ip6fw, please add following rule in your ipfw rule:
add pass ip6 from any to any
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ygek6c5ixpv.wl%ume>