On 14-8-2014 17:53, Lee Dilkie wrote:
>
> On 8/14/2014 11:27 AM, Willem Jan Withagen wrote:
>> On 14-8-2014 14:46, Lee Dilkie wrote:
>>> On 8/14/2014 08:08, Willem Jan Withagen wrote:
>>>> I've found the notation ipnr:something rather frustrating when using
>>>> ipv6 addresses. Sort of like typing a ipv6 address in a browser, the
>>>> last :xx is always interpreted as portnumber, UNLESS you wrap it in []'s.
>>>> compare
>>>> 2001:4cb8:3:1::1
>>>> 2001:4cb8:3:1::1:80
>>>> [2001:4cb8:3:1::1]:80
>>>> The first and the last are the same host but a different port, the
>>>> middle one is just a different host.
>>>>
>>>> Could/should we do the same in ipfw?
>>> the first and second forms are valid, but as ipv6 addresses *with no port*,
>>>
>>> The third is an ipv6 address with a port.
>>>
>>> If the intent of the second form is an address and port, it will not be
>>> parsed that way by standard parsers and violates the ivp6 addressing rfc's.
>> I agree, but ipfw does not understand [2001:4cb8:3:1::1] last time I tried.
>> So I think you rephrased what I meant to say.
>>
>> Thanx,
>> --WjW
>>
>
> and re-reading your original post, yes you did state it correctly.
>
> ipfw needs to be fixed to understand the correct format of ipv6 addresses.
>
> however, this isn't the only offender. netstat's output is also
> incorrect (linux example)
>
>
> tcp 0 0 :::22
> :::* LISTEN
>
> should be
>
> tcp 0 0 [::]:22
> [::]:* LISTEN
>
> I don't understand why folks dream up incompatible, and unparsable, ipv6
> address formats. Why bother with rfc's if no-one writes to them.
>
> (see rfc5952)
It think that that was the RFC I found when looking into getting the
browser to do the right thing when I want it to go to:
[2001:4cb8:3:1::1]:8080
Well the RFC would be an argument to at least spec an IPv6 address in a
ipfw rule to be allowed either with or without []'s. And if you run into
trouble by not using the []'s, they are "easily" added.
--WjW
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
