ipfw can't be disabled for IPv56
Vince
jhary at unsane.co.uk
Sun Apr 27 18:42:18 UTC 2008
Kevin Oberman wrote:
>> Date: Fri, 25 Apr 2008 16:48:46 -0300
>> From: "Tobias P. Santos" <tobias at netconsultoria.com.br>
>>
>> Kevin Oberman wrote:
>>> Running 7-STABLE of April 10, if I disable the firewall ('sysctl
>>> net.inet.ip.fw.enable=0'), IPv4 traffic passes, but IPv6 will not. I had
>>> to add a "allow ip from any to any" rule to get IPv6 to work pass
>>> traffic. (Since I was accessing the system in question via IPv6, this
>>> was a bit annoying!)
>>>
>>> Am I missing anything? The rc.subr script for ipfw just sets the sysctl I
>>> did when it stops the firewall.
>>
<snip>
>> net.link.ether.ipfw: 0
>> net.inet6.ip6.fw.enable: 1 <------------ voila!!!
>> net.inet6.ip6.fw.debug: 1
<snip>
>
> Thanks! I need to file a PR to get that into the rc script. I should
> have looked for a inet6 specific sysctl for this.
Hate to say this but....
#
# $FreeBSD: src/etc/rc.d/ip6fw,v 1.9 2007/04/02 15:38:53 mtm Exp $
#
# PROVIDE: ip6fw
# REQUIRE: routing
# BEFORE: network_ipv6
# KEYWORD: nojail
. /etc/rc.subr
name="ip6fw"
rcvar=`set_rcvar ipv6_firewall`
start_cmd="ip6fw_start"
stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0"
required_modules="ipfw"
More information about the freebsd-net
mailing list