Hi Harald,
On Thu, Feb 10, 2011 at 11:01:47AM +0100, Harald Dunkel wrote:
| Hi folks,
|
| my IP provider doesn't support IPv6 yet. What is the
| recommended Packet Filter setup on an OpenBSD 4.8 gateway
| for this scenario? How do I make sure in pf that this
| "ICMPv6 Neighbor solitication" thing works correctly?
| Do I have to handle the "ipv6-where" and "ipv6-here"
| icmp types (IPv4!) as well, even though they seem
| deprecated?
What are you trying to achieve ? You mention your provider doesn't
support IPv6 yet but want to make sure neighbour sollicitation works ?
Why do you want to support neighbour discovery when your ISP doesn't
do IPv6 ?
| A simple "block quick inet6" doesn't seem appropriate,
| and building a customized kernel without IPv6 is not
| possible, AFAICS.
If you don't use IPv6, 'block quick inet6' is quite appropriate
(especially if building a kernel without IPV6 is your alternative).
You may also want to block all tunneled traffic with 'block quick inet
proto ipv6' and disable link-local addresses on your interfaces with
`ifconfig ${INTERFACE} -inet6` (or add '-inet6' to your
/etc/hostname.if files).
Cheers,
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
