ipfw can't be disabled for IPv6

Tobias P. Santos tobias at netconsultoria.com.br
Fri Apr 25 20:16:48 UTC 2008


Kevin Oberman wrote:
> Running 7-STABLE of April 10, if I disable the firewall ('sysctl
> net.inet.ip.fw.enable=0'), IPv4 traffic passes, but IPv6 will not. I had
> to add an "allow ip from any to any" rule to get IPv6 to pass
> traffic. (Since I was accessing the system in question via IPv6, this
> was a bit annoying!)
> 
> Am I missing anything? The rc.subr script for ipfw just sets the sysctl I
> did when it stops the firewall.


# sysctl -a | grep fw
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.static_count: 8
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.enable: 1
net.link.ether.ipfw: 0
net.inet6.ip6.fw.enable: 1 <------------ voila!!!
net.inet6.ip6.fw.debug: 1
net.inet6.ip6.fw.verbose: 1
net.inet6.ip6.fw.verbose_limit: 0
net.inet6.ip6.fw.deny_unknown_exthdrs: 1
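
The listing above shows that ipfw has a separate enable knob per address family. As an added example (not part of the original thread), this shell function reads `sysctl` output and reports whether the two knobs agree. The function name `ipfw_family_state` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether ipfw filtering is enabled per address family,
# given sysctl output on stdin (e.g. `sysctl -a | ipfw_family_state`).
# The two OIDs are the ones shown in the listing above.

ipfw_family_state() {
    awk '
        # sysctl prints "name: value"; anything after the value is ignored
        $1 == "net.inet.ip.fw.enable:"   { v4 = $2 }
        $1 == "net.inet6.ip6.fw.enable:" { v6 = $2 }
        END {
            # "absent" means the OID did not appear in the input at all
            if (v4 == "") v4 = "absent"
            if (v6 == "") v6 = "absent"
            status = (v4 == v6) ? "consistent" : "MISMATCH"
            printf "ipv4=%s ipv6=%s %s\n", v4, v6, status
        }
    '
}

# Constructed sample: state after only net.inet.ip.fw.enable=0 was set,
# which is the situation described in the quoted message.
SAMPLE_HALF_DISABLED='net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.enable: 0
net.link.ether.ipfw: 0
net.inet6.ip6.fw.enable: 1
net.inet6.ip6.fw.debug: 1'

printf '%s\n' "$SAMPLE_HALF_DISABLED" | ipfw_family_state
```

A MISMATCH result means one address family is still being filtered by ipfw while the other is not.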

