Date: Wed, 10 Jun 2015 20:57:02 -0300 From: Fernando Gont <fernando@gont.com.ar> To: FreeBSD Net <freebsd-net@freebsd.org> Subject: PF support for IPv6 Extension Headers Message-ID: <5578CECE.2050703@gont.com.ar>
next in thread | raw e-mail | index | archive | help
Folks, What's the level f support of PF wrt IPv6 Extension Headers? pf.conf(5) talks about an implicit block rule for packets employing the routing header, but I've not been able to find anything about e.g., * Filtering packets on a per-EH-type-occurrence (e.g. "block packets that contain a Destination Options Header") * Filtering packets base on the EH size * Filtering packets based on the number of EHs they contain (e.g., drop the packet if it employs more than 5 EHs) etc. Thoughts? Thanks! Best regards, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5578CECE.2050703>