Date: Sat, 23 Mar 2002 23:35:30 +0100 (MET) From: Mark Huizer <xaa@dohd.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/36240: new IPFilter works for IPv6 - no hooks in rc.* Message-ID: <20020323223530.B9584D908@nala.dohd.org>
next in thread | raw e-mail | index | archive | help
>Number: 36240 >Category: kern >Synopsis: new IPFilter works for IPv6 - no hooks in rc.* >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Mar 23 14:40:02 PST 2002 >Closed-Date: >Last-Modified: >Originator: Mark Huizer >Release: FreeBSD 5.0-CURRENT i386 >Organization: >Environment: System: FreeBSD eeyore.local.dohd.org 5.0-CURRENT FreeBSD 5.0-CURRENT #2: Sat Mar 23 17:57:04 MET 2002 xaa@eeyore.local.dohd.org:/sources/obj/sources/src/sys/eeyore i386 Current as of saturday March-23 >Description: The new IPFilter upgrade finally has decent working filtering for IPv6, which combined with a default of blocking, means that no IPv6 traffic is possible. The rc* scripts have no hooks to load /etc/ipf.rules6 or something similar >How-To-Repeat: use IPFILTER and IPFILTER_DEFAULT_BLOCK, and try to make IPv6 work :-) >Fix: /etc/rc.network should have hooks for IPv6 (or there should be a ipfilter_enable6, which does a ipf -6 -f $ipfilter_file6 or something) No patches yet. I'm not sure if this should go in rc.network (where all the filtering is done) or rc.network6 >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020323223530.B9584D908>