4.7-STABLE and newer:

Add:

ipv6_ipfilter_rules="/etc/ipf6.rules"

to your RcDotConf file.

Versions prior to 4.7-STABLE:

IpFilter^? doesn't automatically handle IpV6

Although IpV6 is fully supported by the FreeBSD kernel, it has not been fully integrated into the /etc/rc.* scripts. One problem is that IpFilter^? currently needs to be called twice -- once for an IpV4^? RuleSet^?, and once for IpV6. Many (most?) FireWalls^? are set to block all traffic by default. Taken together, this means that the current version of FreeBSD (4.5-STABLE as of this writing) will not execute the necessary commands to allow IpV6 traffic upon bootup without manual intervention.

Right now this can be accomplished by creating a minimal IpV6 RuleSet^? in, say, /etc/ipf6.rules:

######## Default blocks ########
pass in quick proto ipv6 all
pass out quick proto ipv6 all

Next, execute the ipf command to load the new RuleSet^?:

root@kanga:/home/kirk# ipf -6 -f /etc/ipf6.rules

Finally, use ipfstat to verify that the rules are now in effect:

root@kanga:/home/kirk# ipfstat -6 -io
pass out quick proto ipv6 from any to any
pass in quick proto ipv6 from any to any

There! You should now be able to ping6 localhost! To make the changes edit your RcDotConf file to include:

ipfilter_flags="-6 -f /etc/ipf6.rules"

Your new rules file will be automatically loaded during your next boot.

-- KirkStrauser - 13 Nov 2002