Max Laier <[EMAIL PROTECTED]> wrote:

> On a box running sshd (or something listening on an inet6 tcp port)
> load the following ruleset:
> 
> pass quick on lo0 all
> pass quick on bge0 inet all
> block drop log all
> pass in log-all on bge0 inet6 proto tcp from any to 3000::1 port = ssh \
>   flags S/SA keep state
> 
> where bge0 is a real interface and 3000::1 is configured on that
> interface. Then try "telnet 3000::1 22" and see if it works and
> provide me with a tcpdump from pflog0 during the connection
> attempt - whether it works or not.

On OpenBSD 3.9 with GENERIC kernel and the following ruleset:

pass log quick on lo0 all
pass quick on ne3 inet all
block drop log all
pass in log (all) on ne3 inet6 proto tcp from any to 3000::1 port = ssh flags S/SA keep state

[added "log" in the first line and changed "log-all" to "log (all)" in the last one]

telnet works and the log shows:
Aug 04 13:07:08.201358 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.201772 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:08.204606 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.205024 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:08.205758 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.205867 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:08.954137 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:08.954581 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:09.150295 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:09.150509 rule 0/(match) pass in on lo0: [|ip6]
Aug 04 13:07:37.841839 rule 0/(match) pass out on lo0: [|ip6]
Aug 04 13:07:37.842188 rule 0/(match) pass in on lo0: [|ip6]
[...]

Is that enough information, or do you need the actual binary
file?

Fabian
-- 
http://www.fabiankeil.de/
