IPv6 and IPFW

Hajimu UMEMOTO ume at freebsd.org
Wed Feb 8 09:09:46 PST 2006


Hi,

>>>>> On Wed, 8 Feb 2006 14:32:03 +0100
>>>>> Neal Nelson <nealie at kobudo.homeunix.net> said:

nealie> I've been trying to set up IPv6 and without ipfw my tunnel seems to 
nealie> work. However I cannot seem to setup ipfw to allow IPv6 to flow. Do I 
nealie> need to use ip6fw or just ipfw as that seems to accept ip6 protocols.

nealie> If I need to use ip6fw then why does ipfw accept ip6 protocols?

nealie> I'm using -STABLE from yesterday.

The ipfw in 6-STABLE has an IPv6 awareness, but it is not enabled as
far as you use ipfw as a KLD module.  If ipfw is compiled into kernel,
ipfw does filterling an IPv6 as well.

If you wish to enable an IPv6 support of ipfw as an KLD module, put
following lines into your /etc/make.conf and rebuild ipfw.ko:

	.if ${.CURDIR} == "/usr/src/sys/modules/ipfw"
	CFLAGS+=	-DINET6
	.endif

If you don't want to filter an IPv6 by ipfw, and want to filter an
IPv6 by ip6fw, please add following rule in your ipfw rule:

	add pass ip6 from any to any

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/


More information about the freebsd-stable mailing list