bin/104921: [patch] ipfw(8) sometimes treats ipv6 input as ipv4
(another variation on PR 91245)
Lev Serebryakov
lev at FreeBSD.org
Wed Apr 20 12:36:58 UTC 2011
Hello, Bug-followup.
It is still valid for 8.2-STABLE:
gateway# ipfw add 50000 allow ipv6-icmp from any to 2001:470:1f09:hhhh::/64,2001:470:hhhh:1::/64,2001:470:hhhh:2::/64 icmp6types 1,2,3,4,128,129 keep-state
ipfw: bad netmask ``470:1f09:hhhh::/64''
gateway# uname -a
FreeBSD gateway.home.serebryakov.spb.ru 8.2-STABLE FreeBSD 8.2-STABLE #0: Fri Apr 15 16:57:44 MSD 2011 lev at vmware-8-32.home.serebryakov.spb.ru:/usr/obj/nanobsd.gateway-net5501/usr/src/sys/NET5501 i386
It is very annoying bug, because "allow" rule can be divided into
one-rule-per-network, but "deny ... NOT IPv6,IPv6,..." is hard to
emulate (with multiple skipto rules).
--
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>
More information about the freebsd-net
mailing list