On 11/22/2014 4:55 AM, Robin Geuze wrote:
IPv6 uses icmp6 to trqnsmit ndp packets. Ndp is basically the ipv6
version of arp. Based on your packet dump it seems your server is
trying to figure out the mac address for the router for ipv6 but is
disallowed by your pf rules. "pass in quick icmp6 from any to any"
and "pass out quick icmp6 from any to any" should fix your problem.
Or just "pass quick icmp6 from any to any".
You should limit the types, though. See RFC 4890. In short, allow
types 1, 2, 3, 4, 128, 129, 135, and 136 universally. If you use router
advertisements, add types 133 and 134.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
