Re: ip6fw without ipfw?
On 11/6/07, Nikos Vassiliadis <[EMAIL PROTECTED]> wrote: > On Tuesday 06 November 2007 17:14:24 Bob Johnson wrote: > > Since this is apparently a bug, I'll file a PR. I'm going to install > > 7.0-BETA2 later today, I'll try again on that. > > Not saying that this is not a bug, but keep in mind > that there is no ip6fw in RELENG_7. IPv6 filtering > is integrated in ipfw. I think you better ask ipfw@ > for opinions and workarounds before filing a PR. > > HTH, Yes, it helps. Thanks. I think there is a bug in the implementation. I'll ask the ipfw people. - Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ip6fw without ipfw?
On Tuesday 06 November 2007 17:14:24 Bob Johnson wrote: > Since this is apparently a bug, I'll file a PR. I'm going to install > 7.0-BETA2 later today, I'll try again on that. Not saying that this is not a bug, but keep in mind that there is no ip6fw in RELENG_7. IPv6 filtering is integrated in ipfw. I think you better ask ipfw@ for opinions and workarounds before filing a PR. HTH, Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ip6fw without ipfw?
On 11/6/07, Nikos Vassiliadis <[EMAIL PROTECTED]> wrote: > On Tuesday 06 November 2007 00:54:36 Bob Johnson wrote: > > So is it a bug or a feature that enabling ip6fw (/etc/rc.d/ip6fw > > start) also enables ipfw (the ipv4 version)? I didn't see it mentioned > > in IP6FW(8). > > > > It sure surprised me when I was exploring IPv6 setup and I enabled > > ip6fw without configuring the IPv4 rc.firewall. Locked me out of the > > remote system, because ssh won't let me log in on IPv6 (I'll post that > > question in another message), and ipfw came up and locked me out via > > IPv4. Forced me to go out and enjoy the nice weather yesterday instead > > of playing with IPv6 all day... > > Can't replicate what you said. I am running 6.2-STABLE from June. > I loaded the ip6fw module and ipfw is not loaded. I also ran the > ip6fw rc script. Nothing happened regarding ipfw. > > root:0:/cdrom# ip6fw show > 65535 0 0 deny ipv6 from any to any > root:0:/cdrom# ipfw show > ipfw: getsockopt(IP_FW_GET): Protocol not available > > If you can replicate the problem, please report it. > > Nikos > Sorry I forgot to mention that this is on 7.0-BETA1. I find that it only happens the first time I enable the firewall after rebooting. I remove the firewall_enable and ipv6_firewall_enable lines in rc.conf, reboot the system, then put the lines back in rc.conf. Then /etc/rc.d/ip6fw start also starts ipfw. I'm pretty sure that when this happens, ipfw doesn't load its rules from /etc/rc.firewall, so it is running with only the default deny rule (I'll try to confirm that some time today, but first I need to get some real work done this morning). After the firewall has been enabled and disabled, re-enabling ip6fw doesn't seem to affect ipfw. Since this is apparently a bug, I'll file a PR. I'm going to install 7.0-BETA2 later today, I'll try again on that. - Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ip6fw without ipfw?
On Tuesday 06 November 2007 00:54:36 Bob Johnson wrote: > So is it a bug or a feature that enabling ip6fw (/etc/rc.d/ip6fw > start) also enables ipfw (the ipv4 version)? I didn't see it mentioned > in IP6FW(8). > > It sure surprised me when I was exploring IPv6 setup and I enabled > ip6fw without configuring the IPv4 rc.firewall. Locked me out of the > remote system, because ssh won't let me log in on IPv6 (I'll post that > question in another message), and ipfw came up and locked me out via > IPv4. Forced me to go out and enjoy the nice weather yesterday instead > of playing with IPv6 all day... Can't replicate what you said. I am running 6.2-STABLE from June. I loaded the ip6fw module and ipfw is not loaded. I also ran the ip6fw rc script. Nothing happened regarding ipfw. root:0:/cdrom# ip6fw show 65535 0 0 deny ipv6 from any to any root:0:/cdrom# ipfw show ipfw: getsockopt(IP_FW_GET): Protocol not available If you can replicate the problem, please report it. Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"