List:       openbsd-ipv6
Subject:    trying to get IPF (OBSD 2.9) to work with IPv6 and IPv4
From:       carl () bl ! echidna ! id ! au
Date:       2001-07-25 3:56:56

I'm having trouble getting my IPv4/IPv6 gateway to firewall IPv6
traffic at the same time as IPv4.

Here's what I have done :

I've recompiled /sbin/ipf and /sbin/ipfstat with USE_INET6 defined 
in their makefiles.  I'm not sure if I had to do that, but since I did,
ipfstat -6 started working.

The kernel has INET6 defined, so I assume ipf's kernel module is
enabled accordingly?

anyway, I do this :

ring# ipf -6 -Fa -f /etc/ipf6.rules
ring# ipfstat -6 -i
pass in quick proto tcp from any to any port = 25 keep state
pass in quick proto tcp from any to any port = 113 keep state
pass in quick proto tcp from any to any port = 53 keep state
pass in quick proto udp from any to any port = 53 keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick on lo0 from any to any
block in quick from any to any

looks good .. but it has buggered up my IPv4 FW :

ring# ipfstat -i
empty list for ipfilter(in)


Interestingly though, traffic is still going through (I'm
ssh'd into the box and through the box using IPv4 to write this email).

So it looks like that ruleset is only really working on IPv4 traffic anyway?

If I do an ipf -Fa -f /etc/ipf.rules, I get my normal (a bit more
restrictive!) ruleset back when I ipfstat -i, but nothing then shows up
in an ipfstat -6 -i.

Can anyone point me at some doco that I can read to find out what
I'm doing wrong?  

My machine is an i386 running OBSD 2.9 with all the current patches
applied.

thanks

Carl
