On Nov 12, 3:59pm, [email protected] ([email protected]) wrote: -- Subject: Re: netbsd-7 ipfilter failure?
| On Wed, 12 Nov 2014, Christos Zoulas wrote: | | > Date: Wed, 12 Nov 2014 12:52:25 +0000 (UTC) | > From: Christos Zoulas <[email protected]> | > To: [email protected] | > Subject: Re: netbsd-7 ipfilter failure? | > | > In article <[email protected]>, | > <[email protected]> wrote: | >> I have already tested a configuration that only uses /etc/ipf.conf. | >> | >> block in on ixg0 family inet | >> pass in on ixg0 family inet6 | >> | >> The first line blocks all ipv4 traffic. It works. | >> The second line should allow only ipv6 traffic. But the second line also | >> re-allows ipv4 traffic. So I assume that the address family is not | >> evaluated correctly. | > | > Why don't you make the first rule final? | | block in on ixg0 family inet - it blocks ipv6 traffic too. Ask Darren or use npf :-) christos
