IPv6, PF problem
Aaron Stellman
zion at x96.org
Sat Dec 12 21:11:34 UTC 2009
Hello there,

> What does "pfctl -vvsr" give you for the rule? It should include the number
> of addresses assigned to the interface in the braces - e.g. "... (bge0:4) ..."

@8 pass in on bge0 proto tcp from any to (bge0:4) port = ftp flags S/SA keep state
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 79900 ]

> In addition, can you try to add separate rules for inet and inet6 - i.e.
>
> pass in on $ext_if inet proto tcp to ($ext_if) port 21
> pass in on $ext_if inet6 proto tcp to ($ext_if) port 21

@8 pass in on bge0 inet proto tcp from any to (bge0:2) port = ftp flags S/SA keep state
  [ Evaluations: 1 Packets: 17 Bytes: 916 States: 1 ]
  [ Inserted: uid 0 pid 80198 ]
@9 pass in on bge0 inet6 proto tcp from any to (bge0:2) port = ftp flags S/SA keep state
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 80198 ]

and it passes inet6 connection with these two rules. Do you consider it
a bug? This essentially forces me to have 2 separate rules for inet and
inet6.

Thanks
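An added example, not part of the original message or of pf itself: a small parser for the `pfctl -vvsr` records quoted above that reports rules combining a dynamic interface address such as `(bge0:4)` with no `inet`/`inet6` keyword and an evaluation counter still at zero, which is the pattern the first listing shows. The sample text is constructed from the quoted output, the function names are hypothetical, and the record layout is assumed to be exactly as quoted.

```python
import re

# Constructed from the pfctl -vvsr records quoted in the message:
# the single rule first, then the inet/inet6 pair loaded afterwards.
SINGLE = """@8 pass in on bge0 proto tcp from any to (bge0:4) port = ftp flags S/SA keep state
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 79900 ]
"""
SPLIT = """@8 pass in on bge0 inet proto tcp from any to (bge0:2) port = ftp flags S/SA keep state
  [ Evaluations: 1 Packets: 17 Bytes: 916 States: 1 ]
  [ Inserted: uid 0 pid 80198 ]
@9 pass in on bge0 inet6 proto tcp from any to (bge0:2) port = ftp flags S/SA keep state
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 80198 ]
"""

RULE = re.compile(r"^@(\d+)\s+(.+)$")
COUNTER = re.compile(r"(Evaluations|Packets|Bytes|States):\s*(\d+)")
DYNAMIC = re.compile(r"\(([\w.]+):(\d+)\)")  # (ifname:address-count)
FAMILY = re.compile(r"\b(inet6?)\b")

def parse_rules(text):
    """Return one dict per rule: number, family, dynamic address, counters."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        head = RULE.match(line)
        if head:
            fam = FAMILY.search(head.group(2))
            dyn = DYNAMIC.search(head.group(2))
            rules.append({
                "num": int(head.group(1)),
                "family": fam.group(1) if fam else None,
                "dynamic": (dyn.group(1), int(dyn.group(2))) if dyn else None,
                "counters": {},
            })
        elif rules and line.startswith("[ Evaluations"):
            rules[-1]["counters"] = {k: int(v) for k, v in COUNTER.findall(line)}
    return rules

def suspect_rules(rules):
    """Rule numbers with a dynamic address, no family keyword, zero evaluations."""
    return [r["num"] for r in rules
            if r["dynamic"] and r["family"] is None
            and r["counters"].get("Evaluations") == 0]

if __name__ == "__main__":
    for label, text in (("single rule", SINGLE), ("split rules", SPLIT)):
        print(label, "suspect:", suspect_rules(parse_rules(text)))
```

A zero evaluation counter only says that no packet has been compared against the rule since it was loaded, so the result is a prompt to retest with traffic of each address family rather than a verdict on the rule.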
More information about the freebsd-pf mailing list