On Aug 8, 2014, at 20:10, Brian Buhrow <buh...@nfbcal.org> wrote: > Hello Dave. Can't you use the BRIDGE_IPF option to enable filtering on > the bridge(4) that bridges the inside and outside interface of your NetBSD > box and then write a filter that allows IPV6 and blocks IPV4 packets?
Hmm, I'm not sure how to do that... my understanding is that with BRIDGE_IPF, the filter rules don't specifically reference the bridge, but reference the component interfaces of the bridge. It seems like a rule that's intended to only block only bridging of IPv4 between the two interfaces would block *all* IPv4 between the two interfaces, not just bridged traffic. > Another way to possibly do this is if you have 3 interfaces on your > NetBSD box. It's a Soekris net5501 with 4 interfaces, so this seems doable... I haven't quite gotten it working though; not sure why. The machines on the LAN side are getting public IPv6 addresses, so SLAAC is working. However, I can't actually pass any IPv6 traffic... The device is sending an ICMP6 neighbor solicitation looking for the AT&T router's link local address, and it does like that's being sent out the correct interface to the router. However, the router doesn't respond. I can successfully ping6 the AT&T router's LL address from the NetBSD box though. I'll mess around with it more... it seems like this setup should work :) Thanks! -- Name: Dave Huang | Mammal, mammal / their names are called / INet: k...@azeotrope.org | they raise a paw / the bat, the cat / FurryMUCK: Dahan | dolphin and dog / koala bear and hog -- TMBG Dahan: Hani G Y+C 38 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
