Hello,

I have a small problem with IPv6. I am trying to allow ssh via v6 from
a remote host and whilst the same ruleset works for IPv4, it fails for
IPv6. Could anyone point me in the right direction? If I disable PF,
everything works of course.

Here is my pf.conf (this is my home Soekris router, doing NAT too):

ext_if="sis1"
int_if="sis0"

ssh_server_v4="1xx:xxx:xxx:xxx"
ssh_server_v6="2001:xxxxxxxxxx"

set skip on lo

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
pass out

pass quick on $int_if no state

antispoof quick for { lo $int_if }

#ipv4
pass in inet proto icmp all
pass in quick on $ext_if proto tcp from $ssh_server_v4 to port ssh

#ipv6
pass in inet6 proto ipv6-icmp all
pass in quick on $ext_if proto tcp from $ssh_server_v6 to port ssh

block in


Thanks,
Steph
