ip6fw borkage on sparc64

Roderick van Domburg r.s.a.vandomburg at student.utwente.nl
Sat Jan 17 17:46:15 PST 2004


Hello everybody,

I just built and installed a new world and kernel on a sparc64, and
unfortunately ip6fw no longer seems to work correctly.

The box runs an IPv6-enabled Apache server. With the previous kernel (Sun
Jan 11 14:03:52 CET 2004), I could access that Apache server without any
problems from my IPv6-enabled workstation.

With today's kernel (Sun Jan 18 01:30:58 CET 2004) the same firewall
configuration no longer does the trick (attached below).

Funny thing: if I issue an "ip6fw add 50 allow ipv6 from any to any",
everything looks peachy, but an "ip6fw add 50 allow tcp from any to any"
blocks traffic all the same.

Any idea?

Regards,

Roderick

-8<--

00100 allow ipv6 from any to any via lo0
00200 allow ipv6-icmp from :: to ff02::/16
00300 allow ipv6-icmp from fe80::/10 to fe80::/10
00400 allow ipv6-icmp from fe80::/10 to ff02::/16
00500 allow ipv6 from fe80::/10 to ff02::/16
00600 allow ipv6 from 2001:610:1908::/48 to ff02::/16
00700 allow tcp from any to any established
00800 allow ipv6 from any to any frag
00900 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 22 setup
01000 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 25 setup
01100 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 80 setup
01200 allow tcp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any setup
01300 deny tcp from any to any setup
01400 allow udp from any 53 to 2001:610:1908:8000:a00:20ff:fecf:c01b
01500 allow udp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any 53
01600 allow ipv6-icmp from any to any icmptype 33
01700 allow ipv6-icmp from any to any icmptype 34
65535 deny ipv6 from any to any


