ipfw and ipv6: "me"
Ivan Voras
ivoras at freebsd.org
Mon Sep 5 12:52:31 UTC 2011
Hello,
I think the ipfw(8) man page is a bit ambiguous in this area: does the
"me" pseudo-address (as in "allow tcp from any to me 80") also include ipv6?
Here's what the man page says on 8-stable:
"""
src and dst: {addr | { addr or ... }} [[not] ports]
An address (or a list, see below) optionally followed by ports
specifiers.
The second format (or-block with multiple addresses) is
provided
for convenience only and its use is discouraged.
ip | all
any matches any IP address.
me matches any IP address configured on an interface
in the
system.
me6 matches any IPv6 address configured on an interface in
the system. The address list is evaluated at the time
the packet is analysed.
table(number[,value])
Matches any IPv4 address for which an entry exists
in the
lookup table number. If an optional 32-bit unsigned
value is also specified, an entry will match only
if it
has this value. See the LOOKUP TABLES section
below for
more information on lookup tables.
"""
There is no symmetrical "me4" option which leads me to think that "me"
matches only ipv4 and "me6" only ipv6.
Is this right? Any ideas?
More information about the freebsd-net
mailing list