Eliminating IPv6 (?)
RW
rwmaillists at googlemail.com
Tue Jun 18 14:41:23 UTC 2019
On Tue, 18 Jun 2019 15:06:16 +0100
RW wrote:
> On Tue, 18 Jun 2019 14:35:00 +0200
> Patrick M. Hausen wrote:
>
> > Hi all,
> >
> > > Am 18.06.2019 um 13:54 schrieb Robert Huff <roberthuff at rcn.com>:
> > >
> > > If this is true - haven't checked personally - then it's a
> > > bug. (And a non-trivial one, the fact you're the first to report
> > > it notwithstanding.)
> > > Can you please open a bug report?
> >
> > I doubt it would qualify as a bug - possibly a bug in the docs, yes.
> >
> > Because the observed behaviour is definitely intentional. The flow
> > of statements in rc.firewall is:
> >
> > 0. flush all rules
> > 1. setup_loopback
> > 2. setup_ipv6_mandatory
> ..
> > So, yes, there will always be mandatory IPv6 rules in place.
>
> The rules are only added if IPv6 is built into the kernel.
>
> It's a long time since I've used ipfw, but IIRC the custom file is
> just a set of ipfw commands, so I presume it would be possible to
> delete any unwanted preset rules without having to modify
> rc.d/firewall.
Looking at it again I see those rules are added in /etc/rc.firewall
and the use of that script is optional in rc.d/ipfw, so there's no real
problem in the first place.
> Alternatively setup_loopback() starts with rule 100, so there is also
> the option of adding custom rules that sort before the mandatory IPv6
> rules and override them.
More information about the freebsd-questions
mailing list