Rules sanity check
David Mehler
dave.mehler at gmail.com
Tue Oct 13 16:59:50 UTC 2015
Hello,
Thanks. How do I get icmpv6 going? That is certainly a problem I'm having.
Thanks.
Dave.
On 10/13/15, Kristof Provost <kp at freebsd.org> wrote:
>
>> On 13 Oct 2015, at 05:51, David Mehler <dave.mehler at gmail.com> wrote:
>> Some things I know definitely aren't working is the ipv6 allowing of
>> ssh and http, ipv6 ping doesn't work gives a udp error, ftp from the
>> machine the data connection doesn't come through, i'm assuming i'll
>> have that same problem when I set up a jailed ftp server as well.
>>
> You really, really want to allow ICMPv6. Without ICMPv6 critical things
> like path MTU (remember, there’s no router fragmentation in IPv6, you
> *need* path MTU discovery) and router advertisements.
>
> It’s still possible to filter out undesirable ICMPv6 types, but I’d start
> out just allowing everything.
>
> I’ve not looked at the rest of it in any depth, but the ICMPv6 thing
> probably
> explains all of the IPv6 issues you’ve had.
>
> Regards,
> Kristof
>
>
More information about the freebsd-pf
mailing list