Need a PF consultant
Kristof Provost
kp at FreeBSD.org
Mon Jun 22 06:42:41 UTC 2020
On 22 Jun 2020, at 2:06, David Mehler wrote:
> Thanks for all your replies.
>
> Donald, the IPv6 dns is working fine in this situation.
>
> Kristof, here's what I originally had in my pf.conf file for ICMP:
>
> pass out quick on $ext_if proto { icmp, icmp6 } modulate state
> pass in quick on $ext_if proto { icmp, icmp6 }
>
That’s a somewhat bigger hammer than what I proposed, but that should
work as well.
> I commented that out, added in your rules, disabled and reenabled PF,
> and did a ping6. Good news is the first time I tried ping6 it worked,
> bad news is the second time I tried it about two minutes later it sent
> out the ping6 but didn't return anything, zero packets received. A few
> minutes later doing the UDP connect no route to host thing again.
>
> While the original focus of my question was IPv6 would you be willing
> to assist me with my general configuration? As I said I can go in to
> much more detail on this.
Please do send me the information you have, yes.
Best regards,
Kristof
More information about the freebsd-pf
mailing list