ipv6 and ipfw
Stanislav Sedov
stas at deglitch.com
Mon Apr 20 16:35:58 UTC 2009
On Mon, 9 Feb 2009 17:29:11 -0800 (PST)
gahn <ipfreak at yahoo.com> wrote:
>
> Thanks Mark:
>
> my machine would load the modules when the system boots up. here is my rc.conf:
>
> firewall_enable="YES"
> firewall_script="/etc/ipfw.conf"
> firewall_logging="YES"
>
> does that matter?
Your system's ipfw definitely supports ipv6. You can use the same
firewall script to set up ipv6 rules as well.
Note, however, that there's a different set of sysctl exists to
control ip6fw, namely net.inet6.ip6.fw. Thus to enable it at the
boot time you certainly need to add ipv6_firewall_enable="YES"
into your rc.conf. There're also a bunch of other IPv6 related
configurational options exist:
ipv6_firewall_enable="NO" # Set to YES to enable IPv6 firewall
# functionality
ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set
up the IPv6 firewall
ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6)
ipv6_firewall_quiet="NO" # Set to YES to suppress rule display
ipv6_firewall_logging="NO" # Set to YES to enable events logging
--
Stanislav Sedov
ST4096-RIPE
!DSPAM:49eca46b967004490364599!
More information about the freebsd-security
mailing list