ipfw2: IPv6 and new protocols
Jan Mikael Melen
jan at melen.org
Fri Apr 27 06:46:27 UTC 2007
Hi,
Is there a specific reason why the upper-layer protocols are limited in IPv6
with ipfw2? The problem that I see is that if there is a firewall in the net
that uses ipfw2 you can't introduce any new protocols to IPv6 without
updating all firewalls of the net?
When using new next header numbers ipfw2 complains "Unknown Extension
Header(253)" although the there is a rule that allows the protocol to pass
through, but the packet is dropped already before the rules are checked. I
noticed from the code that for example all MIPv6 extension headers and SCTP
are missing from the code and probably many others as well.
Regards,
Jan
More information about the freebsd-ipfw
mailing list