> Date: Fri, 25 Apr 2008 16:48:46 -0300
> From: "Tobias P. Santos" <[EMAIL PROTECTED]>
>
> Kevin Oberman wrote:
> > Running 7-STABLE of April 10, if I disable the firewall ('sysctl
> > net.inet.ip.fw.enable=0'), IPv4 traffic passes, but IPv6 will not. I had
> > to add a "allow ip from any to any" rule to get IPv6 to work pass
> > traffic. (Since I was accessing the system in question via IPv6, this
> > was a bit annoying!)
> >
> > Am I missing anything? The rc.subr script for ipfw just sets the sysctl I
> > did when it stops the firewall.
> >
>
> # sysctl -a | grep fw
> net.inet.ip.fw.dyn_keepalive: 1
> net.inet.ip.fw.dyn_short_lifetime: 5
> net.inet.ip.fw.dyn_udp_lifetime: 10
> net.inet.ip.fw.dyn_rst_lifetime: 1
> net.inet.ip.fw.dyn_fin_lifetime: 1
> net.inet.ip.fw.dyn_syn_lifetime: 20
> net.inet.ip.fw.dyn_ack_lifetime: 300
> net.inet.ip.fw.static_count: 8
> net.inet.ip.fw.dyn_max: 4096
> net.inet.ip.fw.dyn_count: 0
> net.inet.ip.fw.curr_dyn_buckets: 256
> net.inet.ip.fw.dyn_buckets: 256
> net.inet.ip.fw.verbose_limit: 0
> net.inet.ip.fw.verbose: 1
> net.inet.ip.fw.debug: 1
> net.inet.ip.fw.one_pass: 1
> net.inet.ip.fw.autoinc_step: 100
> net.inet.ip.fw.enable: 1
> net.link.ether.ipfw: 0
> net.inet6.ip6.fw.enable: 1 <------------ voila!!!
> net.inet6.ip6.fw.debug: 1
> net.inet6.ip6.fw.verbose: 1
> net.inet6.ip6.fw.verbose_limit: 0
> net.inet6.ip6.fw.deny_unknown_exthdrs: 1
>

Thanks! I need to file a PR to get that into the rc script. I should have
looked for an inet6-specific sysctl for this.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]    Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
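
A check for the mismatch discussed in this thread, as an added example that is not part of the original messages or of the FreeBSD rc script: it reads sysctl-style "name: value" text and reports whether the IPv4 and IPv6 ipfw enable knobs agree. The function names and the sample input are constructed for illustration; the two knob names are the ones shown in the thread.

```shell
#!/bin/sh
# Added example: compare the per-family ipfw enable knobs.
# Input is "name: value" text as printed by sysctl, read from stdin.

# Print the value of one knob, or "missing" if it is absent
# (for instance a kernel without the IPv6 ipfw knob).
# Only the first token after the name is used, so trailing
# annotations on the line are ignored.
knob_value() {
    awk -v k="$1" '$1 == k ":" { v = $2; found = 1 }
                   END { print (found ? v : "missing") }'
}

# Classify the combined state of both address families. Prints one of:
#   both-on  both-off  v4-only-off  v6-only-off  unknown
ipfw_family_state() {
    input=$(cat)
    v4=$(printf '%s\n' "$input" | knob_value net.inet.ip.fw.enable)
    v6=$(printf '%s\n' "$input" | knob_value net.inet6.ip6.fw.enable)
    case "$v4/$v6" in
        1/1) echo both-on ;;
        0/0) echo both-off ;;
        0/1) echo v4-only-off ;;  # the case in this thread: IPv6 still filtered
        1/0) echo v6-only-off ;;  # IPv6 traffic is not passed through ipfw
        *)   echo unknown ;;
    esac
}

# Constructed sample: the state after 'sysctl net.inet.ip.fw.enable=0'
# as described in the thread (IPv4 knob off, IPv6 knob still on).
sample_after_stop() {
    cat <<'EOF'
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.enable: 0
net.link.ether.ipfw: 0
net.inet6.ip6.fw.enable: 1
net.inet6.ip6.fw.deny_unknown_exthdrs: 1
EOF
}

sample_after_stop | ipfw_family_state
```

On a FreeBSD host the same function can be fed live values with `sysctl net.inet.ip.fw.enable net.inet6.ip6.fw.enable | ipfw_family_state`.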