Have free IPv6 now, how to configure IPv6 & ipfilter firewall

Ernie Luzar luzar722 at gmail.com
Sat Apr 1 15:11:20 UTC 2017

Hello List;

Yesterday 3/31/2017 6pm, Time Warner enabled IPv6 on the cable system 
that I am connected to. You ask how do I know that? I use ipfilter 
firewall with default "block". There has to be a rule to allow any thing 
in or out. The ipf.log started to fill up very quickly and rollover 
every 15 minutes. Inspection of the ipf.log showed this log record was 
the source of the flooding.

fe80::201:5cff:fe9d:1846 -> ff02::1 PR icmpv6 routeradvert/0 IN multicast

Then I did a ifconfig command on the interface facing the public internet

  rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  	ether 00:10:b5:7b:1d:6f
  	inet netmask 0xfffffc00 broadcast
  	inet6 fe80::210:b5ff:fe7b:1d6f%rl0 prefixlen 64 scopeid 0x1
  	media: Ethernet autoselect (100baseTX <full-duplex>)
  	status: active

To my surprise I have an IPv6 address for the first time every. I have 
been a native IPv4 shop since FreeBSD 3.0. MY rc.conf file has this 
ifconfig_rl0="DHCP" statement.

My first though was to stop the ipf.log file flooding by adding a rule 
to block icmpv6. This rule complained about unknown protocol.
block in quick on rl0 proto icmpv6

My first question is how do I block the icmpv6 packet in ipfilter firewall?

My 2nd question; Does ipfilter firewall need some kind of configuration 
  change to make it IPv6 aware? If so what?

In my reading about IPv6, no where does it say that IPv4 & IPv6 CAN NOT 
exist together, is that true?

The handbook has this:
  31.10.6. Router Advertisement and Host Auto Configuration

  This section will help you setup rtadvd(8) to advertise the IPv6 
default route.

  To enable rtadvd(8) you will need the following in your /etc/rc.conf:

  It is important that you specify the interface on which to do IPv6 
router solicitation.
  For example to tell rtadvd(8) to use fxp0:

  Now we must create the configuration file, /etc/rtadvd.conf. Here is 
an example:


  Replace fxp0 with the interface you are going to be using.

  Next, replace 2001:471:1f11:246:: with the prefix of your allocation.

  If you are dedicated a /64 subnet you will not need to change anything 
  Otherwise, you will need to change the prefixlen# to the correct value.

******** End of Handbook text  *************************************

Now since I have free native IPv6, I think I only need to add these two 
statement to my rc.conf to achieve total IPv6 auto-configuration


rl0 = interface facing the public internet
xl0 = interface facing the private lan

Am I doing this correctly?

About jails, I can create a jail that uses an IPv6 address. Is there a 
way to auto-configuration that jail's IPv6 address?

Thanks for your help.

More information about the freebsd-questions mailing list