implementing ipv6 into my ipfw ruleset...

Jason Usher jusher71 at yahoo.com
Tue Jun 5 22:12:12 UTC 2012


I have a fairly simple ipfw ruleset, which looks like:


100 allow tcp from any to any established
110 allow icmp from any to any icmptypes 0,3,8,11
120 deny icmp from any to any
130 allow ip from any to any via lo0

200 allow udp from me to any 53
210 allow udp from any 53 to me
220 allow udp from any to me 33433-33499
230 allow tcp from any to 82.197.184.219 22,80,443 setup

65000 deny log ip from any to me
65001 deny log ip from any to me6


What I am wondering is, am I blocking all IPv6 traffic by not explicitly allowing IPv6 in (for the established rule 100, icmp rule 110, and the entire block of 200-230)?

Or, since that is all tcp/udp/icmp, it doesn't matter, and I am properly allowing in IPv6 traffic, but ONLY for the tcp/udp ports I specify, and then blocking the rest?

Basically: how is my ruleset treating IPv6 traffic (other than the fact that, at the end of the set, I deny all IPv6 that has gotten to that point)?

Thank you.
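
An added example, not part of the original post: a small Python model of first-match evaluation over the ruleset above, to show which rule an IPv4 or IPv6 packet would hit. It assumes ipfw semantics as documented in ipfw(8): `tcp` and `udp` match in either address family, `icmp` is ICMPv4 (protocol 1) only, and `me` covers the host's IPv4 and IPv6 addresses. The `2001:db8::` addresses, `verdict` and `pkt` are constructed for illustration.

```python
import ipaddress

# Constructed host addresses: IPv4 from the post, IPv6 a documentation placeholder.
ME = {ipaddress.ip_address("82.197.184.219"), ipaddress.ip_address("2001:db8::1")}
PROTO = {"tcp": 6, "udp": 17, "icmp": 1}  # "icmp" is ICMPv4 only; ICMPv6 is 58
# (number, action, proto, src, sport, dst, dport, options), copied from the post
RULES = [
    (100, "allow", "tcp", "any", None, "any", None, {"established": True}),
    (110, "allow", "icmp", "any", None, "any", None, {"icmptypes": {0, 3, 8, 11}}),
    (120, "deny", "icmp", "any", None, "any", None, {}),
    (130, "allow", "ip", "any", None, "any", None, {"via": "lo0"}),
    (200, "allow", "udp", "me", None, "any", "53", {}),
    (210, "allow", "udp", "any", "53", "me", None, {}),
    (220, "allow", "udp", "any", None, "me", "33433-33499", {}),
    (230, "allow", "tcp", "any", None, "82.197.184.219", "22,80,443", {"setup": True}),
    (65000, "deny", "ip", "any", None, "me", None, {}),
    (65001, "deny", "ip", "any", None, "me6", None, {}),
]

def addr_ok(spec, addr):
    if spec in ("me", "me6"):  # assumption: "me" is both families, "me6" IPv6 only
        return addr in ME and (spec == "me" or addr.version == 6)
    return spec == "any" or addr == ipaddress.ip_address(spec)

def ports_ok(spec, port):
    if spec is None:
        return True
    ranges = (part.partition("-") for part in spec.split(","))
    return port is not None and any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def verdict(p):  # first matching rule wins; returns (rule number, action)
    flags = p.get("flags", "")
    for num, action, proto, src, sport, dst, dport, opt in RULES:
        checks = (
            proto == "ip" or PROTO[proto] == p["proto"],
            addr_ok(src, p["src"]) and addr_ok(dst, p["dst"]),
            ports_ok(sport, p.get("sport")) and ports_ok(dport, p.get("dport")),
            not opt.get("established") or bool(set("AR") & set(flags)),
            not opt.get("setup") or ("S" in flags and "A" not in flags),
            "icmptypes" not in opt or p.get("icmptype") in opt["icmptypes"],
            "via" not in opt or p.get("iface") == opt["via"],
        )
        if all(checks):
            return num, action
    return 65535, "default"  # nothing matched: the kernel's default rule decides

def pkt(proto, src, dst, **kw):
    return dict(proto=proto, src=ipaddress.ip_address(src), dst=ipaddress.ip_address(dst), **kw)
```

Under these assumptions, rules 100 and 200-220 apply to IPv6 as written, while rules 110, 120 and 230 can only ever match IPv4, so new inbound IPv6 TCP connections and all ICMPv6 addressed to the host end at rule 65000.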


More information about the freebsd-questions mailing list