On Mon, Jul 19, 2010 at 2:06 AM, Hernan F <drge...@gmail.com> wrote: > Hello, I'm running OpenSolaris 2010.03 b134 from /dev. I'm trying to firewall > my machine on IPv6 but so far I can't get it to work. > > Here's my ipf6.conf > > block in all > pass out all > pass in quick on lo0 all > pass in quick on nge0 proto tcp from any to any port = 80 > pass in quick proto icmp all > > I want everything blocked, except for ICMP (so I can Ping) and TCP port 80 > (web server). > > When I run > > ipf -6 -f /etc/ipf/ipf6.conf > > I can't ping the machine anymore, or reach the web server. > > Is my config correct?
For the connections that you're opening FROM this machine to the outside, you need to allow the packets to come in too. Changing "pass out all" to "pass out all keep state" should make it. There is a very good tutorial here: http://www.obfuscation.org/ipf -- Giovanni Tirloni gtirl...@sysdroid.com _______________________________________________ networking-discuss mailing list networking-discuss@opensolaris.org
