Does ip6fw work for you on sparc64?
Roderick van Domburg
r.s.a.vandomburg at student.utwente.nl
Mon Aug 2 06:05:39 PDT 2004
Hello everybody,
Does ip6fw work for any sparc64 owners? It hasn't been working correctly
for me for as long as I can remember. Behavior is very erratic: allow
ipv6 works, but allow {tcp|udp} doesn't. Such rules do show up in the
traffic counter, but really don't allow any traffic passing it at all.
I run a sparc64 with a world from 2004-08-02. Here's my firewall
configuration:
00100 allow ipv6 from any to any via lo0
00200 deny ipv6 from any to ::1
00300 deny ipv6 from ::1 to any
00400 allow ipv6-icmp from :: to ff02::/16
00500 allow ipv6-icmp from fe80::/10 to fe80::/10
00600 allow ipv6-icmp from fe80::/10 to ff02::/16
00700 allow ipv6 from fe80::/10 to ff02::/16
00800 allow ipv6 from 2001:610:1908:8000::/64 to ff02::/16
00900 allow tcp from any to any established
01000 allow ipv6 from any to any frag
01100 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 25 setup
01200 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 80 setup
01300 allow tcp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any setup
01400 deny tcp from any to any setup
01500 allow udp from any 53 to 2001:610:1908:8000:a00:20ff:fecf:c01b
01600 allow udp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any 53
01700 allow udp from any 123 to 2001:610:1908:8000:a00:20ff:fecf:c01b
01800 allow udp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any 123
01900 allow ipv6-icmp from any to any icmptype 33
02000 allow ipv6-icmp from any to any icmptype 34
65535 deny ipv6 from any to any
Any ideas?
Regards,
Roderick
More information about the freebsd-ipfw
mailing list