FreeBSD, PF and IPv6

  1. #1
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403

    FreeBSD, PF and IPv6

    Anybody familiar with FreeBSD, PF and IPv6?

    I've got IPv6 set up properly. No problems there. All my machines have a global IPv6 address.

    My firewall has 2 nics. One connected to the Internet, the other to my lan. Pf.conf looks like this:
    Code:
    ext_if="rl0"
    int_if="rl1"
    block in on $ext_if inet6 from any to any

    If I load this rule I'm still able to access my 'internal' machines using their global IPv6 address.

    WTF? PF supports IPv6 right? What am I doing wrong?

    BTW the IPv4 rules on the firewall work as they should. No problems there.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    From your description, I understand that your "firewall"-box
    does route the IPv6-traffic.


    Two questions to help to track down the problem - I apologise if
    these are too obvious:

    1. Does pf actually filter the IPv6 traffic? What happens if
    you block all IPv6 (and perhaps the IPv4)?

    Code:
    block all
    block quick inet6 all

    2. If so, what about logging what it does? E.g. specifically for
    tcp? (or just remove "proto tcp")

    Code:
    block in log all
    block in log on $ext_if inet6 proto tcp from any to any

    Cheers
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Well, it turns out to be bloody obvious. Why didn't I see it?

    I have a tunnelbroker gif0 where the IPv6 traffic is actually coming in.. I need to firewall that interface and not the ethernet interface.. Doh!

    Thanks for the help sec_ware
    Oliver's Law:
    Experience is something you don't get until just after you need it.
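
Added example, not part of the thread or written by its posters: a shell check for the mistake resolved in post #3, where the inet6 block rule sat on rl0 while IPv6 actually entered through the gif0 tunnel. It assumes the interface of the default IPv6 route is where Internet IPv6 arrives; the function names are hypothetical and the sample command output is constructed.

```shell
#!/bin/sh
# Constructed sample of `route -n get -inet6 default` output.
ROUTE_OUT='   route to: ::
destination: ::
    gateway: 2001:db8:1::1
  interface: gif0'
# Constructed samples of `pfctl -sr` output: the rule from post #1,
# and the same rule moved to the tunnel interface.
RULES_BEFORE='block drop in on rl0 inet6 all'
RULES_AFTER='block drop in on gif0 inet6 all'

# Print the interface that carries the default IPv6 route.
default_v6_if() {
    printf '%s\n' "$1" | awk '$1 == "interface:" { print $2; exit }'
}

# Succeed if some block rule can match inbound IPv6 on interface $1.
# Only block rules are read; pass rules and rule order are not evaluated.
has_v6_block() {
    printf '%s\n' "$2" | awk -v want="$1" '
    $1 == "block" {
        ifname = ""; fam = ""; dir = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "on") ifname = $(i + 1)
            else if ($i == "inet" || $i == "inet6") fam = $i
            else if ($i == "in" || $i == "out") dir = $i
        }
        # A rule with no "on" or no address family matches every case.
        if (dir != "out" && fam != "inet" && (ifname == "" || ifname == want))
            found = 1
    }
    END { exit !found }'
}

# Usage: check_v6_ingress "$(route -n get -inet6 default)" "$(pfctl -sr)"
check_v6_ingress() {
    ifn=$(default_v6_if "$1")
    [ -n "$ifn" ] || { echo "no default IPv6 route"; return 2; }
    if has_v6_block "$ifn" "$2"; then
        echo "filtered $ifn"
    else
        echo "UNFILTERED $ifn"
        return 1
    fi
}

check_v6_ingress "$ROUTE_OUT" "$RULES_BEFORE" || true   # UNFILTERED gif0
check_v6_ingress "$ROUTE_OUT" "$RULES_AFTER"            # filtered gif0
```

A result of "filtered" only means a candidate block rule exists on that interface; logging the rule, as suggested in post #2, confirms that it actually matches traffic.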
