I have already tested a configuration that only uses /etc/ipf.conf.

    block in on ixg0 family inet
    pass in on ixg0 family inet6

The first line blocks all IPv4 traffic. It works.
The second line should allow only IPv6 traffic. But the second line also
re-allows IPv4 traffic. So I assume that the address family is not
evaluated correctly.

Regards
Uwe

On Wed, 12 Nov 2014, Greg Troxel wrote:
Date: Wed, 12 Nov 2014 07:18:40 -0500
From: Greg Troxel <[email protected]>
To: [email protected]
Cc: Robert Swindells <[email protected]>, [email protected],
[email protected]
Subject: Re: netbsd-7 ipfilter failure?

[email protected] writes:

> I would like to once again ask about the ipfilter problem. Is this a
> bug or an incorrect operation on my part? Does it make sense to report it
> as a bug?

I think we more or less concluded that:

  in netbsd-7, ipfilter has one ruleset /etc/ipf.conf

  this one ruleset has rules for both 4 and 6

  docs that talk about -6 and ipf6.conf are perhaps buggy and at best
  for compatibility

I would suggest reading the message from Darren and putting all rules in
ipf.conf (with AF qualifiers) and not having ipf6.conf. If that doesn't
work, I would suggest posting a specific problem.