For those that use IPFilter with IPv6, does the current configuration cause any problems for you?
No major ones in ipfilter, but some in ipnat.
Do you edit ipf.conf and forget to edit ipf6.conf or vice verssa?
Are there interaction issues or reporting problems needing to remember -6?
Nope. That's fine with me.
If there was just a single configuration file, ipf.conf, that contained all IP (IPv4/6) firewall rules, would this make like easier or harder?
Maybe harder, but not much. It's just a fuzzier separation that way. I could deal either way, but I like the separation that two config files allows.
If you were forced to manually transition your current system layout with both ipf.conf and ipf6.conf, would this be a serious issue?
Nope. Could be done.
One other question, if NAT were to support IPv6 also, would you expect a ipnat6.conf or for it to all fit in ipnat.conf?
I would expect and want it to mirror the other. So, right now, I'd want an ipnat6.conf. But, I think having just one makes sense too. I just think consistency is most valueable.
So, other than the aforementioned problem I'm having with ipnat messing with ports on IPv6 packets, I'm good. And that's a NetBSD 2.x problem, I think, so.
- Chris
