| ||||||||
| Changed: | ||||||||
| < < |
IpFilter? doesn't automatically handle IpV6 | |||||||
| > > |
4.7-STABLE and newer:Add:ipv6_ipfilter_rules="/etc/ipf6.rules"to your RcDotConf file. Versions prior to 4.7-STABLE:IpFilter? doesn't automatically handle IpV6 | |||||||
| Although IpV6 is fully supported by the FreeBSD kernel, it has not been fully integrated into the /etc/rc.* scripts. One problem is that IpFilter? currently needs to be called twice -- once for an IpV4? RuleSet?, and once for IpV6. Many (most?) FireWalls? are set to block all traffic by default. Taken together, this means that the current version of FreeBSD (4.5-STABLE as of this writing) will not execute the necessary commands to allow IpV6 traffic upon bootup without manual intervention. | ||||||||
IpFilter? doesn't automatically handle IpV6 | ||||||||||
| Line: 23 to 23 | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| pass in quick proto ipv6 from any to any | ||||||||||
| Changed: | ||||||||||
| < < |
There! You should now be able to ping6 localhost! | |||||||||
| > > |
There! You should now be able to ping6 localhost! To make the changes edit your RcDotConf file to include: | |||||||||
| Changed: | ||||||||||
| < < |
-- KirkStrauser - 26 Mar 2002 | |||||||||
| > > |
ipfilter_flags="-6 -f /etc/ipf6.rules"Your new rules file will be automatically loaded during your next boot. | |||||||||
| Added: | ||||||||||
| > > |
-- KirkStrauser - 13 Nov 2002 | |||||||||
| ||||||||||
IpFilter? doesn't automatically handle IpV6 | ||||||||||
| Line: 27 to 27 | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| -- KirkStrauser - 26 Mar 2002 | ||||||||||
| Added: | ||||||||||
| > > |
| |||||||||
| ||||||||||
| Line: 1 to 1 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Added: | ||||||||
| > > |
IpFilter? doesn't automatically handle IpV6Although IpV6 is fully supported by the FreeBSD kernel, it has not been fully integrated into the /etc/rc.* scripts. One problem is that IpFilter? currently needs to be called twice -- once for an IpV4? RuleSet?, and once for IpV6. Many (most?) FireWalls? are set to block all traffic by default. Taken together, this means that the current version of FreeBSD (4.5-STABLE as of this writing) will not execute the necessary commands to allow IpV6 traffic upon bootup without manual intervention. Right now this can be accomplished by creating a minimal IpV6 RuleSet? in, say, /etc/ipf6.rules:######## Default blocks ######## pass in quick proto ipv6 all pass out quick proto ipv6 allNext, execute the ipf command to load the new RuleSet?: root@kanga:/home/kirk# ipf -6 -f /etc/ipf6.rulesFinally, use ipfstat to verify that the rules are now in effect: root@kanga:/home/kirk# ipfstat -6 -io pass out quick proto ipv6 from any to any pass in quick proto ipv6 from any to anyThere! You should now be able to ping6 localhost! -- KirkStrauser - 26 Mar 2002
| |||||||