Re: rule for any IPv6 address

Reply: Dan Mahoney (ports): "Re: rule for any IPv6 address"
In reply to: Marco Moock : "rule for any IPv6 address"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Dan Mahoney (ports) <freebsd_at_gushi.org>
Date: Sun, 19 Apr 2026 20:06:41 UTC

Whoops, sent from wrong address.

> On Apr 19, 2026, at 3:07 AM, Marco Moock <mm@dorfdsl.de> wrote:
> 
> Hello!
> 
> # ipfw add 01000 allow tcp from ::/0 to me 80
> 01000 allow tcp from me6 to me 80

# ipfw add 65500 allow ip6 from any to me 80 proto tcp
65500 allow ip6 from any to me6 80 proto tcp

note that the kernel then interprets me as "me6" since it knows it's an ipv6 me.

Yeah, it might be useful if there was aliases for:

allow tcp6 from any to me, that under the hood got rendered as:

allow ip6 from any to me6 proto tcp

But yeah, this seems to be The Way.

Also note that while reading the manpage for this, I found a weird mention of "inner" protocols that I pushed a docbug for.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294648