Hi all,

I’m having some trouble trying to set up some firewall rules on an IPv6 router 
zone and have come to the conclusion that something is broken.

The following is an illustrative example (though I’ve tried all manner of other 
rules without success):

net0 is connected to an upstream provider and has a /128 address.

I’ve set up the following in /etc/ipf/ipf6.conf (this is the only rule present):

block in quick on net0 proto icmp

I’ve reloaded the IPv6 filters using:

ipf -6 -F a
ipf -6 -f /etc/ipf/ipf6.conf

And a ping to the /128 global address coming into net0 still returns.

The only way to get any blocking is to use a rule like:

block in all on net0

Which obviously is not as fine grained as I’d like it to be. Things seem to be 
fine on the IPv4 side of things (I’ve verified the exact same rules in ipf.conf 
work as expected), but it seems to be an everything gets through or nothing 
gets through situation on IPv6.

I’m running a build of SmartOS from 3/31.

Has anyone else had success using ipf against IPv6 traffic? Am I missing 
something obvious?

Thanks in advance!

Bill



