Hello,
Could someone tell me why, given the following ruleset, I cannot get to my
machine from the outside on ipv6? Obviously, I just masked out the ipv6
address for security. Any insight would be much appreciated. Normally, I
am decent with pf when it comes to ipv4. But, I am utterly lost. Perhaps I
don't understand what the gif0 interface is truly doing. I know that I
have it configured to encapsulate IPv6 traffic in IPv4 but I don't know how
to troubleshoot it well.

wanif="tun0"
ip6if="gif0"
intif="em0"
intnet4="10.40.60.0/24"
host="XXXX:XXXX:X:XXX::1"
tcp_services="{ssh,domain,mail,ftp,http,https}"
udp_services="{domain}"

set skip on {lo,$intif}

block in all
pass out all
pass out on $wanif scrub (max-mss 1440)
match out on $wanif inet from $intnet4 to any nat-to ($wanif)
pass inet proto ipv6 from any to any
pass in on $ip6if inet6 proto icmp6 icmp6-type {echoreq,unreach}
pass in on $ip6if inet6 proto tcp from any to $host port $tcp_services
pass in on $ip6if inet6 proto udp from any to $host port $tcp_services

Thank you,
Matt