Le lundi 10 mai 2021 à 22:51 +1000, David Gwynne a écrit :
>
>
> > On 10 May 2021, at 8:05 pm, Bastien Durel
> > wrote:
> >
> > Le samedi 08 mai 2021 à 12:07 +0200, Bastien Durel a écrit :
> > > Le 08/05/2021 à 11:56, Stuart Henderson a écrit :
> > > > > > Does it work if you use the syntax sug
> On 10 May 2021, at 8:05 pm, Bastien Durel wrote:
>
> Le samedi 08 mai 2021 à 12:07 +0200, Bastien Durel a écrit :
>> Le 08/05/2021 à 11:56, Stuart Henderson a écrit :
> Does it work if you use the syntax suggested in the upgrade
> notes
> for the example with "pass in on pppoe1 r
On Mon, May 10, 2021 at 12:05:16PM +0200, Bastien Durel wrote:
> Referencing fe80::520f:80ff:fe65:8800%pppoe0 in pf.conf results in a
> rule referencing fe80::520f:80ff:fe65:8800
I'm not sure where the scope id gets stripped, but the above may simply
be a misleading cosmetic issue.
pfctl -sr uses
Le samedi 08 mai 2021 à 12:07 +0200, Bastien Durel a écrit :
> Le 08/05/2021 à 11:56, Stuart Henderson a écrit :
> > > > Does it work if you use the syntax suggested in the upgrade
> > > > notes
> > > > for the example with "pass in on pppoe1 reply-to ..."?
> > > >
> > > >
> > > For incoming conn
Le 08/05/2021 à 11:56, Stuart Henderson a écrit :
Does it work if you use the syntax suggested in the upgrade notes
for the example with "pass in on pppoe1 reply-to ..."?
For incoming connections, I tried
pass in on pppoe0 inet6 reply-to fe80::520f:80ff:fe65:8800%pppoe0 keep state
pass in on
On 2021-05-08, Bastien Durel wrote:
> Le 08/05/2021 à 10:58, Stuart Henderson a écrit :
>> On 2021-05-08, Bastien Durel wrote:
>>> Le 07/05/2021 à 22:50, Stuart Henderson a écrit :
On 2021-05-07, Bastien Durel wrote:
> Hello,
>
> I have multiple ISPs plugged on my OpenBSD box, e
Le 08/05/2021 à 10:58, Stuart Henderson a écrit :
On 2021-05-08, Bastien Durel wrote:
Le 07/05/2021 à 22:50, Stuart Henderson a écrit :
On 2021-05-07, Bastien Durel wrote:
Hello,
I have multiple ISPs plugged on my OpenBSD box, each one providing its
IPv6 address space.
I used to route outg
On 2021-05-08, Bastien Durel wrote:
> Le 07/05/2021 à 22:50, Stuart Henderson a écrit :
>> On 2021-05-07, Bastien Durel wrote:
>>> Hello,
>>>
>>> I have multiple ISPs plugged on my OpenBSD box, each one providing its
>>> IPv6 address space.
>>>
>>> I used to route outgoing streams with :
>>>
>>>
Le 07/05/2021 à 22:50, Stuart Henderson a écrit :
On 2021-05-07, Bastien Durel wrote:
Hello,
I have multiple ISPs plugged on my OpenBSD box, each one providing its
IPv6 address space.
I used to route outgoing streams with :
net2_if = pppoe0
ovh_v6_router = "(" $net2_if fe80::230:88ff:fe04:63
On 2021-05-07, Bastien Durel wrote:
> Hello,
>
> I have multiple ISPs plugged on my OpenBSD box, each one providing its
> IPv6 address space.
>
> I used to route outgoing streams with :
>
> net2_if = pppoe0
> ovh_v6_router = "(" $net2_if fe80::230:88ff:fe04:63c9 ")"
> ovh_v6_prefix = "2001:41d0:f
Hello,
I have multiple ISPs plugged on my OpenBSD box, each one providing its
IPv6 address space.
I used to route outgoing streams with :
net2_if = pppoe0
ovh_v6_router = "(" $net2_if fe80::230:88ff:fe04:63c9 ")"
ovh_v6_prefix = "2001:41d0:fe4b:ec00::0/56"
table const { $ovh_v6_prefix, $free_v
On Feb 1, 2011, at 11:00 PM, Paul de Weerd wrote:
> On Tue, Feb 01, 2011 at 10:51:00PM -0800, Brian Keefer wrote:
> | 4.9 GENERIC#626 i386
> |
> | I write a rule that says this:
> | pass in on $ext_if inet6 proto ipv6-icmp from any to
2620:0100:900f:c9::/56
> |
> | and pfctl shows this:
> | pass i
On Tue, Feb 01, 2011 at 10:51:00PM -0800, Brian Keefer wrote:
| 4.9 GENERIC#626 i386
|
| I write a rule that says this:
| pass in on $ext_if inet6 proto ipv6-icmp from any to 2620:0100:900f:c9::/56
|
| and pfctl shows this:
| pass in on em2 inet6 proto ipv6-icmp from any to 2620:100:900f::/56 kee
4.9 GENERIC#626 i386
I write a rule that says this:
pass in on $ext_if inet6 proto ipv6-icmp from any to 2620:0100:900f:c9::/56
and pfctl shows this:
pass in on em2 inet6 proto ipv6-icmp from any to 2620:100:900f::/56 keep
state
Maybe I'm crazy, but it seems 2620:100:900f:: would be /48 (assumin
On Wed, Dec 2, 2009 at 9:44 AM, Rod Whitworth wrote:
> Yeah, I think you show signs of being capable of learning with just a
> few hints to point you in the right direction.
Thanks, certainly hope so too :)
I came to realize yesterday how little i understood about PF and IPv6
filtering but am no
On Wed, 2 Dec 2009 09:28:15 +, FRLinux wrote:
>On Wed, Dec 2, 2009 at 2:06 AM, Rod Whitworth wrote:
>> You need to do a little more study on IPv6.
>> Besides that my hands are not up to punching out long stories... ;)
>> Oh and please don't CC me. I AM on the list and I cannot read an ema
On Wed, Dec 2, 2009 at 2:06 AM, Rod Whitworth wrote:
> You need to do a little more study on IPv6.
> Besides that my hands are not up to punching out long stories... ;)
> Oh and please don't CC me. I AM on the list and I cannot read an email
> with each eye ;))
Thanks :)
Steph
On Wed, 2 Dec 2009 01:30:08 +, FRLinux wrote:
>On Wed, Dec 2, 2009 at 1:21 AM, FRLinux wrote:
>> On Wed, Dec 2, 2009 at 1:01 AM, FRLinux wrote:
>>> I do have another problem though. I am also using rtadvd and cannot at
>>> the moment ping6 out whereas ping6 from the outside to a host on
>>>
On Wed, Dec 2, 2009 at 1:21 AM, FRLinux wrote:
> On Wed, Dec 2, 2009 at 1:01 AM, FRLinux wrote:
>> I do have another problem though. I am also using rtadvd and cannot at
>> the moment ping6 out whereas ping6 from the outside to a host on
>> rtadvd works...
>
> With pftop, i can see the packets, f
On Wed, Dec 2, 2009 at 1:01 AM, FRLinux wrote:
> I do have another problem though. I am also using rtadvd and cannot at
> the moment ping6 out whereas ping6 from the outside to a host on
> rtadvd works...
With pftop, i can see the packets, first a successful one (pinging
from the outside to one o
On Wed, Dec 2, 2009 at 12:42 AM, Rod Whitworth wrote:
> I saw your email saying you had fixed your problem BUT that last line
> above negates both of your icmp rules. A 'block in' statement would
> normally be the first filter rule and then only explicit allowed
> traffic gets in and you could tak
On Wed, 2 Dec 2009 00:21:40 +, FRLinux wrote:
>Hello,
>
>I have a small problem with IPv6. I am trying to allow ssh via v6 from
>a remote host and whilst the same ruleset works for IPv4, it fails for
>IPv6. Could anyone point me in the right direction? If i disable PF,
>everything works of cou
Forgive my own siliness, the ipv6 address was not the right one, sorry
for the noise...
Steph
On Wed, Dec 2, 2009 at 12:21 AM, FRLinux wrote:
> I have a small problem with IPv6. I am trying to allow ssh via v6 from
> a remote host and whilst the same ruleset works for IPv4, it fails for
> IPv6. Could anyone point me in the right direction? If i disable PF,
> everything works of course.
Ju
Hello,
I have a small problem with IPv6. I am trying to allow ssh via v6 from
a remote host and whilst the same ruleset works for IPv4, it fails for
IPv6. Could anyone point me in the right direction? If i disable PF,
everything works of course.
Here is my pf.conf (this is my home soekris router,
25 matches
Mail list logo
