Unified rc.firewall ipfw me/me6 issue

Hajimu UMEMOTO ume at freebsd.org
Fri Dec 18 15:45:51 UTC 2009


Hi,

>>>>> On Fri, 18 Dec 2009 09:12:48 -0500
>>>>> David Horn <dhorn2000 at gmail.com> said:

dhorn2000> The updated patch works, but doing a check for [ $ipv6_available -eq 0 ]
dhorn2000> might be more appropriate than checking "net6" or "inet6" variables in these
dhorn2000> no INET6 cases since neither net6 nor inet6 variables are involved in these
dhorn2000> statements.

Thank you for testing.
It is intentional.  If firewall_client_net_ipv6 is not set, the IPv6
rules are not meaningful for the client type, and if
firewall_simple_inet_ipv6 is not set, the IPv6 rules are not
meaningful for the simple type.

dhorn2000> Yes, "me" matching either ipv4/ipv6 would certainly simplify the default
dhorn2000> rc.firewall flow.

Here is my proposed patch.  With this patch, 'me' matches both IPv4
and IPv6, and 'me4' is added for matching only IPv4.

Sincerely,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipfw-me-unify.diff
Type: text/x-patch
Size: 4873 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20091218/1364e989/ipfw-me-unify.bin
-------------- next part --------------

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

