Date: 17 Jan 2006 09:08:37 -0500 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: Wojciech Puchar <wojtek@tensor.3miasto.net> Cc: glebius@freebsd.org, freebsd-questions@freebsd.org, cperciva@freebsd.org Subject: Re: ipfw+antispoof breaks IPv6 link local Message-ID: <44u0c3dk0q.fsf@be-well.ilk.org> In-Reply-To: <20060116020929.Y42694@chylonia.3miasto.net> References: <20060116020929.Y42694@chylonia.3miasto.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Wojciech Puchar <wojtek@tensor.3miasto.net> writes: > can it be solved? > > with first rule in my firewall config i have > > flush > add 2 deny ip from any to any not antispoof > > > works fine - as long as no IPv6 link-local communication is needed - > route6d is an example. > > changing it to > > add 2 deny ip4 from any to any not antispoof > > > is using link-local addresses spoofing?! I don't have time to come up with a fix at the moment, but that does look like a bug to me. I'm not sure I can see any way around having special-case code in the ip_fw2 code for link-local addresses...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44u0c3dk0q.fsf>