Eliminating IPv6 (?)
RW
rwmaillists at googlemail.com
Tue Jun 18 14:06:22 UTC 2019
On Tue, 18 Jun 2019 14:35:00 +0200
Patrick M. Hausen wrote:
> Hi all,
>
> > Am 18.06.2019 um 13:54 schrieb Robert Huff <roberthuff at rcn.com>:
> >
> > If this is true - haven't checked personally - then it's a
> > bug. (And a non-trivial one, the fact you're the first to report it
> > notwithstanding.)
> > Can you please open a bug report?
>
> I doubt it would qualify as a bug - possibly a bug in the docs, yes.
>
> Because the observed behaviour is definitely intentional. The flow of
> statements in rc.firewall is:
>
> 0. flush all rules
> 1. setup_loopback
> 2. setup_ipv6_mandatory
..
> So, yes, there will always be mandatory IPv6 rules in place.
The rules are only added if IPv6 is built into the kernel.
It's a long time since I've used ipfw, but IIRC the custom file is
just a set of ipfw commands, so I presume it would be possible to
delete any unwanted preset rules without having to modify
rc.d/firewall.
Alternatively setup_loopback() starts with rule 100, so there is also
the option of adding custom rules that sort before the mandatory IPv6
rules and override them.
More information about the freebsd-questions
mailing list