IPv6 and ipfw

Wed Jul 22 08:18:53 UTC 2009

Hi,

Running 7.2 I tried to insert this into my IPFW rules

# ipfw add allow udp from any to 2001:xxx:3::113,2001:xxxx:3::116 \
	dst-port 10001-10100 keep-state
ipfw: bad netmask ``xxxx:3::113''

also:
# ipfw add allow udp from any to trixbox.ip6 dst-port 10001-10100 keep-state
ipfw: hostname ``trixbox.ip6'' unknown
Exit 68
# host trixbox.ip6
trixbox.ip6.digiware.nl has IPv6 address 2001:4cb8:3::116

So it looks like what is in the manual is overly optimistic:
----
      addr6-list: ip6-addr[,addr6-list]

      ip6-addr:
              A host or subnet specified one of the following ways:

              numeric-ip | hostname
                      Matches a single IPv6 address as allowed by inet_pton(3)
                      or a hostname.  Hostnames are resolved at the time the
                      rule is added to the firewall list.

              addr/masklen
                      Matches all IPv6 addresses with base addr (specified as
                      allowed by inet_pton or a hostname) and mask width of
                      masklen bits.

              No support for sets of IPv6 addresses is provided because IPv6
              addresses are typically random past the initial prefix.
----

Anybody else ran into this?
Or should I file this as a PR.

--WjW