List: freebsd-hackers
Subject: Re: IPv6 and IPv4 combined rules in pf.conf
From: Dirk-Willem van Gulik <dirkx () webweaving ! org>
Date: 2024-05-08 21:19:59
Message-ID: 5258A000-3483-467F-8FE9-B3F986D62BB3 () webweaving ! org
On 8 May 2024, at 22:41, Dirk-Willem van Gulik <dirkx@webweaving.org> wrote:
>
> > On 8 May 2024, at 22:14, Lexi Winter <lexi@le-fay.org> wrote:
> >
> > Dirk-Willem van Gulik:
> > > For dual stack hosts; with both an IPv4 and IPv6 CIDR that they are
> > > listening to - is there a recommended way to setup pf.conf to avoid
> > > mistakes/duplication ?
> >
> > > To avoid duplication in constructs such as:
> >
> > > # Foo app servers
> > > foobarserver_host4=231.17.X.Y
> > > foobarserver_host6=fe80::5246:…
> > >
> > > # Load balancers - direct or via tun0 in post/fail-back
> > > bar_net=X.Y.Z.Z #
> > > bar_net6=fe80::5246:… #
> > > …
> > >
> > > pass in on { tun0, $ext_if } proto udp from $bar_net to $foobarserver_host4 port 2194 keep state
> > > pass in on { tun0, $ext_if } proto udp6 from bar_net6 $var to $foobarserver_host6 port 2194 keep state
> >
> > > Is there some recommended way of doing this in stock FreeBSD ? Or does
> > > one usually end up with some sort of macro/generate style solution ?
> >
> > i would suggest something like this:
> >
> > table <foobarserver> {
> > 231.17.X.Y
> > fe80::5246:...
> > }
> >
> > table <bar-net> {
> > ...
> > }
> >
> > pass on { tun0, $ext_if } proto udp from <bar-net> \
> > to <foobarserver> port 2194
>
> Ok - excellent - so one can mix IPv4 and IPv6 in a list - and 'udp' no longer
> needs to be 'udp6' (and same for tcp6 and icmp6 vs. tcp/icmp) - pf guesses this
> right based on the address ?
Ignore - that works perfectly - with inet/inet6 thrown in where I need to make the
distinction.
Thanks !
Dw.
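
The pattern the thread settles on, written out as an added example that is not part of the original messages: mixed-family tables with one shared rule, plus explicit inet/inet6 only where the protocol differs per family. The interface name, the underscore table name and all addresses (documentation ranges) are assumptions.

```conf
# Added example, not from the thread. Addresses are constructed
# placeholders from the documentation ranges (192.0.2.0/24,
# 198.51.100.0/24, 2001:db8::/32); ext_if is an assumed interface name.
ext_if = "vtnet0"

# One table per role, holding both address families.
table <foobarserver> const { 192.0.2.10, 2001:db8:0:1::10 }
table <bar_net>      const { 198.51.100.0/24, 2001:db8:0:2::/64 }

# A single rule covers IPv4 and IPv6: "proto udp" is family-neutral and
# each packet is matched against the table entries of its own family.
pass in on { tun0, $ext_if } proto udp from <bar_net> to <foobarserver> port 2194

# Where the protocol itself differs per family, state the family explicitly.
pass in on $ext_if inet  proto icmp  from <bar_net> to <foobarserver> icmp-type echoreq
pass in on $ext_if inet6 proto icmp6 from <bar_net> to <foobarserver> icmp6-type echoreq
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it, so a typo in a shared rule does not silently drop one address family.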