Lost IPv6 with ipfw in latest stable
Kevin Oberman
oberman at es.net
Mon Aug 14 19:22:09 UTC 2006
For the first time since about may I have updated my 6-Stable system and
my firewall seems badly broken with IPv6.
1. Any rule with me6 is rejected as an unknown host
2. A rule of "allow ip from me to any" still is blocking IPv6
3. I am seeing ICMPv6 type 135 blocked even though I have a rule to
explicitly allow it:
allow ipv6-icmp from any to me ip6 icmp6types 134,135,136
When I booted up, the console said that "ipfw2 (+ipv6) initialized", but
it really looks like the IPv6 stuff is not working right. I did try to
explicitly add a rule permitting my IPv6 source to send to my DNS server
and that does appear to work.
My firewall on my -current system seems to be OK except that 'me6' is
not accepted there, either. (I suspect the documentation needs updating.)
Am I doing something dumb or is something broken in ipfw?
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
More information about the freebsd-stable
mailing list