kern/61544: ip6fw breakage on (at least) sparc64

Roderick van Domburg r.s.a.vandomburg at student.utwente.nl
Sun Jan 18 12:00:41 PST 2004


>Number:         61544
>Category:       kern
>Synopsis:       ip6fw breakage on (at least) sparc64
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 18 12:00:38 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Roderick van Domburg
>Release:        FreeBSD 5.2-CURRENT sparc64
>Organization:
University of Twente 
>Environment:
System: FreeBSD stud187236.mobiel.utwente.nl 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Sun Jan 18 01:30:58 CET 2004 roderick at stud187236.mobiel.utwente.nl:/usr/obj/usr/src/sys/MAGOG sparc64


	
>Description:
I just built and installed a new world and kernel on a sparc64, and
unfortunately ip6fw no longer seems to work correctly.

The box runs an IPv6-enabled Apache server. With the previous kernel (Sun Jan
11 14:03:52 CET 2004), I could access that Apache server without any problems
from my IPv6-enabled workstation.

With today's kernel (Sun Jan 18 01:30:58 CET 2004) the same firewall
configuration no longer does the trick (attached below).

Funny thing: if I issue a "ip6fw add 50 allow ipv6 from any to any", everything
looks peachy, but a "ip6fw add 50 allow tcp from any to any" blocks traffic all
the same.
	
>How-To-Repeat:
Firewall configuration:

00100 allow ipv6 from any to any via lo0
00200 allow ipv6-icmp from :: to ff02::/16
00300 allow ipv6-icmp from fe80::/10 to fe80::/10
00400 allow ipv6-icmp from fe80::/10 to ff02::/16
00500 allow ipv6 from fe80::/10 to ff02::/16
00600 allow ipv6 from 2001:610:1908::/48 to ff02::/16
00700 allow tcp from any to any established
00800 allow ipv6 from any to any frag
00900 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 22 setup
01000 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 25 setup
01100 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 80 setup
01200 allow tcp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any setup
01300 deny tcp from any to any setup
01400 allow udp from any 53 to 2001:610:1908:8000:a00:20ff:fecf:c01b
01500 allow udp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any 53
01600 allow ipv6-icmp from any to any icmptype 33
01700 allow ipv6-icmp from any to any icmptype 34
65535 deny ipv6 from any to any
	
>Fix:
Unknown.
	


>Release-Note:
>Audit-Trail:
>Unformatted:

