PF support for IPv6 Extension Headers
Fernando Gont
fernando at gont.com.ar
Wed Jun 10 23:58:11 UTC 2015
Folks,
What's the level f support of PF wrt IPv6 Extension Headers?
pf.conf(5) talks about an implicit block rule for packets employing the
routing header, but I've not been able to find anything about e.g.,
* Filtering packets on a per-EH-type-occurrence (e.g. "block packets
that contain a Destination Options Header")
* Filtering packets base on the EH size
* Filtering packets based on the number of EHs they contain (e.g., drop
the packet if it employs more than 5 EHs)
etc.
Thoughts?
Thanks!
Best regards,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
More information about the freebsd-net
mailing list