https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
Tatsuki Makino <tatsuki_mak...@hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tatsuki_mak...@hotmail.com
--- Comment #19 from Tatsuki Makino <tatsuki_mak...@hotmail.com> ---
I just tried this today :)
I don't know what's happening on the inside, but it seemed necessary to create
a record with outbound packets and return to an NPTv6 instance with the record,
so I made the following rules.
nptv6 bridge0 create int_prefix fd20:0:0:1:: ext_if vlan2 prefixlen 64
nptv6 vlan1 create int_prefix fd20:0:0:2:: ext_if vlan2 prefixlen 64
#define allow skipto 59900
add check-state
add 20 allow ...
add 30 allow ...
add 100 deny ip from any to any
#undef allow
add 59910 nptv6 bridge0 ip6 from any to any out recv bridge0 xmit vlan2
keep-state
add 59920 nptv6 vlan1 ip6 from any to any out recv vlan1 xmit vlan2 keep-state
add 59930 allow ip from any to any
It seems that the interface can also be identified and returned until the
dynamic rule times out.
--
You are receiving this mail because:
You are on the CC list for the bug.
