Their has been some discussion about conf/3517 which is about ipf(8)
filtering for IPv6. I see -current has this in /etc/rc.d/ipfilter:
ipfilter_start()
{
echo "Enabling ipfilter."
case `${CMD_OSTYPE}` in
FreeBSD)
${ipfilter_program:-/sbin/ipf} -Fa -f \
"${ipfilter_rules}" ${ipfilter_flags}
;;
NetBSD)
/sbin/ipf -E -Fa
if [ -f /etc/ipf.conf ]; then
/sbin/ipf -f /etc/ipf.conf
fi
if [ -f /etc/ipf6.conf ]; then
/sbin/ipf -6 -f /etc/ipf6.conf
fi
;;
esac
}
Can FreeBSD do the same as NetBSD?
There is another problem with the FreeBSD code. The ${ipfilter_flags}
won't be executed at the end of the command. It seems that it needs to
be before the -f flag:
# ipf -6 -Fa -f /tmp/ipf.rules -v
# ipf -6 -Fa -v -f /tmp/ipf.rules
[pass in from any to 2001:abcd::/128]
pass in from any to 2001:abcd::/128
#
rvdp
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
