> On 13 Oct 2015, at 05:51, David Mehler <[email protected]> wrote: > Some things I know definitely aren't working is the ipv6 allowing of > ssh and http, ipv6 ping doesn't work gives a udp error, ftp from the > machine the data connection doesn't come through, i'm assuming i'll > have that same problem when I set up a jailed ftp server as well. > You really, really want to allow ICMPv6. Without ICMPv6 critical things like path MTU (remember, there’s no router fragmentation in IPv6, you *need* path MTU discovery) and router advertisements.
It’s still possible to filter out undesirable ICMPv6 types, but I’d start out just allowing everything. I’ve not looked at the rest of it in any depth, but the ICMPv6 thing probably explains all of the IPv6 issues you’ve had. Regards, Kristof _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
