ipfw+antispoof breaks IPv6 link local
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Tue Jan 17 06:08:41 PST 2006
Wojciech Puchar <wojtek at tensor.3miasto.net> writes:
> can it be solved?
>
> with first rule in my firewall config i have
>
> flush
> add 2 deny ip from any to any not antispoof
>
>
> works fine - as long as no IPv6 link-local communication is needed -
> route6d is an example.
>
> changing it to
>
> add 2 deny ip4 from any to any not antispoof
>
>
> is using link-local addresses spoofing?!
I don't have time to come up with a fix at the moment, but that does
look like a bug to me. I'm not sure I can see any way around having
special-case code in the ip_fw2 code for link-local addresses...
More information about the freebsd-questions
mailing list