Re: rule for any IPv6 address

In reply to: Dan Mahoney (ports): "Re: rule for any IPv6 address"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Dan Mahoney (ports) <freebsd_at_gushi.org>
Date: Sun, 19 Apr 2026 20:10:15 UTC


> On Apr 19, 2026, at 1:06 PM, Dan Mahoney (ports) <freebsd@gushi.org> wrote:
> 
> Whoops, sent from wrong address.
> 
>> On Apr 19, 2026, at 3:07 AM, Marco Moock <mm@dorfdsl.de> wrote:
>> 
>> Hello!
>> 
>> # ipfw add 01000 allow tcp from ::/0 to me 80
>> 01000 allow tcp from me6 to me 80
> 
> 
> # ipfw add 65500 allow ip6 from any to me 80 proto tcp
> 65500 allow ip6 from any to me6 80 proto tcp
> 
> note that the kernel then interprets me as "me6" since it knows it's an ipv6 me.
> 
> Yeah, it might be useful if there was aliases for:
> 
> allow tcp6 from any to me, that under the hood got rendered as:
> 
> allow ip6 from any to me6 proto tcp
> 
> But yeah, this seems to be The Way.
> 
> Also note that while reading the manpage for this, I found a weird mention of "inner" protocols that I pushed a docbug for.
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294648

Oh, also, the fact that your ipfw interpreted ::/0 as "me6" also feels like a bug.  Perhaps someone else could comment on that.

-Dan