Thanks to those of you who offered help off-list.
I found this doc, which is amazingly comprehensive and deals with this problem in depth for pf under openbsd: http://rr.sans.org/firewall/building_IPv6.php fwiw. --- florkle <[EMAIL PROTECTED]> wrote: > I have a newly applied for tunnel which I know to be > activated and if I drop the pf rules on he 3.1 > -RELEASE firewall I can ping6 it successfully. > > I have a line which blocks everything: > > @9 block in log on ep0 inet all > > which catches all my ip6 traffic even though I added > these lines: > > @12 pass out quick on ep0 inet6 all > @13 pass in quick on ep0 inet6 all > > I also placed these /before/ the 9 rule, which the > same result ( I track the blocks via tcpdump -i > pflog0 > ). > > I even tried allowing the ip6 tunnel endpoint (which > I > must allow to ping6 me to keep the tunnel up) in via > a > specific line allowing it to pass traffic to me, but > still it get's block'd > > Can someone provide me with ip6 rules that work > for them? > > -F > > > > > > __________________________________________________ > Do you Yahoo!? > Yahoo! News - Today's headlines > http://news.yahoo.com > --------------------------------------------------------------------- > The IPv6 Users Mailing List > Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED] __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com --------------------------------------------------------------------- The IPv6 Users Mailing List Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
