Have free IPv6 now, how to configure IPv6 & ipfilter firewall
luzar722 at gmail.com
Sat Apr 1 15:11:20 UTC 2017
Yesterday 3/31/2017 6pm, Time Warner enabled IPv6 on the cable system
that I am connected to. You ask how do I know that? I use ipfilter
firewall with default "block". There has to be a rule to allow any thing
in or out. The ipf.log started to fill up very quickly and rollover
every 15 minutes. Inspection of the ipf.log showed this log record was
the source of the flooding.
fe80::201:5cff:fe9d:1846 -> ff02::1 PR icmpv6 routeradvert/0 IN multicast
Then I did a ifconfig command on the interface facing the public internet
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
inet 220.127.116.11 netmask 0xfffffc00 broadcast 255.255.255.255
inet6 fe80::210:b5ff:fe7b:1d6f%rl0 prefixlen 64 scopeid 0x1
media: Ethernet autoselect (100baseTX <full-duplex>)
To my surprise I have an IPv6 address for the first time every. I have
been a native IPv4 shop since FreeBSD 3.0. MY rc.conf file has this
My first though was to stop the ipf.log file flooding by adding a rule
to block icmpv6. This rule complained about unknown protocol.
block in quick on rl0 proto icmpv6
My first question is how do I block the icmpv6 packet in ipfilter firewall?
My 2nd question; Does ipfilter firewall need some kind of configuration
change to make it IPv6 aware? If so what?
In my reading about IPv6, no where does it say that IPv4 & IPv6 CAN NOT
exist together, is that true?
The handbook has this:
31.10.6. Router Advertisement and Host Auto Configuration
This section will help you setup rtadvd(8) to advertise the IPv6
To enable rtadvd(8) you will need the following in your /etc/rc.conf:
It is important that you specify the interface on which to do IPv6
For example to tell rtadvd(8) to use fxp0:
Now we must create the configuration file, /etc/rtadvd.conf. Here is
Replace fxp0 with the interface you are going to be using.
Next, replace 2001:471:1f11:246:: with the prefix of your allocation.
If you are dedicated a /64 subnet you will not need to change anything
Otherwise, you will need to change the prefixlen# to the correct value.
******** End of Handbook text *************************************
Now since I have free native IPv6, I think I only need to add these two
statement to my rc.conf to achieve total IPv6 auto-configuration
rl0 = interface facing the public internet
xl0 = interface facing the private lan
Am I doing this correctly?
About jails, I can create a jail that uses an IPv6 address. Is there a
way to auto-configuration that jail's IPv6 address?
Thanks for your help.
More information about the freebsd-questions