On Wed, 12 Nov 2014, Christos Zoulas wrote:
Date: Wed, 12 Nov 2014 12:52:25 +0000 (UTC)
From: Christos Zoulas <[email protected]>
To: [email protected]
Subject: Re: netbsd-7 ipfilter failure?
In article <[email protected]>,
<[email protected]> wrote:
I have already tested a configuration that only uses /etc/ipf.conf.
block in on ixg0 family inet
pass in on ixg0 family inet6
The first line blocks all ipv4 traffic. It works.
The second line should allow only ipv6 traffic. But the second line also
re-allows ipv4 traffic. So I assume that the address family is not
evaluated correctly.
Why don't you make the first rule final?
block in on ixg0 family inet - it blocks ipv6 traffic too.
christos
