R: IPv6 and ipfw
Willem Jan Withagen
wjw at digiware.nl
Wed Jul 29 10:44:33 UTC 2009
Raffaele De Lorenzo wrote:
> Hi all,
> I attached a patch that solve this problem. I will send a PR as soon as
> possible.
>
> Instructions:
>
> Patch the follow files:
>
> /usr/src/sbin/ipfw/ipfw2.c (patch is ipfw2.c.diff)
> /usr/src/sbin/ipfw/ipfw2.h (patch is ipfw2.h.diff)
> /usr/src/sbin/ipfw/ipv6.c (patch is ipv6.c.diff)
>
> This patch was tested on FreeBSD 8 Beta 2 AMD64 and official FreeBSD 8
> BETA 2 Sources.
>
> Let me know any suggestion or problem.
Patch worked fine on 7.2-stable as well.
Multiple ipv6 addresses are now accepted in one go.
But it still does not really works as well as I would like ;):
ipfw add 11101 allow udp from any to 192.168.10.67,2001:dddd:c::67 dst-port
45457 keep-state
ipfw: bad netmask ``dddd:c::67''
Which from your comment seems correct:
+ * Pre-Check multi address rules to avoid parser confusion about IPv4/IPv6
addresses.
+ * XXX I assume the first know address is the reference address (You cannot
use both IPv4/IPv6 addresses inside
+ * a multi-addresses rule).
But looking at the code, why not fist parse chunks seperated by ',' and then
test them for all possible variants, because as far as I understand there
are no ',''s allowed in the adresspec.
Thanx for the work thusfar,
--WjW
More information about the freebsd-net
mailing list