Date: Sat, 12 Dec 2009 13:11:28 -0800
From: Aaron Stellman <zion@x96.org>
To: freebsd-pf@freebsd.org
Subject: Re: IPv6, PF problem
Message-ID: <20091212211128.GA28@x96.org>
In-Reply-To: <20091212012507.GD27716@x96.org>
References: <20091212012507.GD27716@x96.org>

Hello there,

> What does "pfctl -vvsr" give you for the rule? It should include the number
> of addresses assigned to the interface in the braces - e.g. "... (bge0:4) ..."

@8 pass in on bge0 proto tcp from any to (bge0:4) port = ftp flags S/SA keep state
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 79900 ]

> In addition, can you try to add separate rules for inet and inet6 - i.e.
>
> pass in on $ext_if inet proto tcp to ($ext_if) port 21
> pass in on $ext_if inet6 proto tcp to ($ext_if) port 21

@8 pass in on bge0 inet proto tcp from any to (bge0:2) port = ftp flags S/SA keep state
  [ Evaluations: 1 Packets: 17 Bytes: 916 States: 1 ]
  [ Inserted: uid 0 pid 80198 ]
@9 pass in on bge0 inet6 proto tcp from any to (bge0:2) port = ftp flags S/SA keep state
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 80198 ]

and it passes inet6 connection with these two rules. Do you consider it a bug?
This essentially forces me to have 2 separate rules for inet and inet6.

Thanks

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091212211128.GA28>
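
An added example, not part of the original message or of pf itself: a small parser for the "pfctl -vvsr" output quoted above that extracts each rule's address family, dynamic interface reference and counters, and lists rules that use a dynamic interface address such as (bge0:4) without naming inet or inet6, the form the poster reports as not passing IPv6. The function names are hypothetical, the sample text is the output from the message, and the check is a heuristic based on that report.

```python
import re

# Output quoted in the message above: the single rule without an address
# family, then the split inet/inet6 rules that replaced it.
BEFORE = """\
@8 pass in on bge0 proto tcp from any to (bge0:4) port = ftp flags S/SA keep state
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 79900 ]
"""
AFTER = """\
@8 pass in on bge0 inet proto tcp from any to (bge0:2) port = ftp flags S/SA keep state
  [ Evaluations: 1 Packets: 17 Bytes: 916 States: 1 ]
  [ Inserted: uid 0 pid 80198 ]
@9 pass in on bge0 inet6 proto tcp from any to (bge0:2) port = ftp flags S/SA keep state
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 80198 ]
"""

RULE = re.compile(r"^@(\d+)\s+(.*)$")
STATS = re.compile(r"Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)")
AF = re.compile(r"\b(inet6?)\b")
DYN = re.compile(r"\((\w+):(\d+)\)")  # "(bge0:4)": interface and address count


def parse_rules(text):
    """Return one dict per rule: number, address family, dynamic interface, counters."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE.match(line)
        if m:
            af, dyn = AF.search(m.group(2)), DYN.search(m.group(2))
            rules.append({"num": int(m.group(1)), "af": af.group(1) if af else None,
                          "dyn_if": dyn.group(1) if dyn else None,
                          "addr_count": int(dyn.group(2)) if dyn else None})
        elif rules and (s := STATS.search(line)):
            keys = ("evaluations", "packets", "bytes", "states")
            rules[-1].update(zip(keys, map(int, s.groups())))
    return rules


def af_less_dynamic(rules):
    """Rule numbers that use a dynamic interface address but name no address family."""
    return [r["num"] for r in rules if r["dyn_if"] and r["af"] is None]


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        rules = parse_rules(text)
        print(label, rules, "flagged:", af_less_dynamic(rules))
```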