Hello All

Could you please throw light on IPv6 filtering?

I had compiled and installed successfully 4.1.8 and pfil 2.1.7 on 
#uname -a
#SunOS sf44ce21 5.9 Generic_118558-11 sun4u sparc SUNW,Sun-Fire-V440

The packages installed are "pfil ipf ipfx".
My machine has IPv6 support and is configured with IPv6.

Output of "ifconfig -a"
*************************************
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 5
inet 127.0.0.1 netmask ff000000
ce3: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 8
inet 180.144.225.62 netmask ffff0000 broadcast 180.144.255.255
groupname core
ether 0:3:ba:b2:32:f6
ce3:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 8
inet 180.144.225.40 netmask ffff0000 broadcast 180.144.255.255
ce3:2: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4> mtu 1500 index 8
inet 180.144.225.42 netmask ffff0000 broadcast 180.144.255.255
ce3: flags=a040841<UP,RUNNING,MULTICAST,DEPRECATED,IPv6,NOFAILOVER> mtu 1500 index 8
ether 0:3:ba:b2:32:f6
inet6 fe80::203:baff:feb2:32f6/10
groupname core
ce3:1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 8
inet6 2106:22:188:252:0:66:1:1/10
**************************************************************
#cat /etc/opt/ipf/ipf6.conf

block in quick on ce3 proto tcp from any to 2106:22:188:252:0:66:1:1/10 port = 23
--After the configuration, I activated the rule by executing
# /etc/init.d/ipfboot start
Set 0 now inactive
filter sync'd

----------------------------------------------------------------------
After this activation, I am still able to open a telnet connection to the IPv6 address 2106:22:188:252:0:66:1:1

Am I doing something wrong?
--------------------------------------------------------------------

Some more information on system status..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
output of ipfstat
~~~~~~~~~~~~~~~~~~~~~~~~~~~
[EMAIL PROTECTED]> ipfstat
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
input packets: blocked 0 passed 1904 nomatch 1833 counted 0 short 0
output packets: blocked 0 passed 101 nomatch 1 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 71 (out): 100
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 287
Packet log flags set: (0)
none
[EMAIL PROTECTED]>
************************************************************
output of "ndd /dev/pfil qif_status"

[EMAIL PROTECTED]> ndd /dev/pfil qif_status
ifname ill q OTHERQ ipmp num sap hl nr nw bad copy copyfail drop notip nodata notdata
QIF3 0x0 0x30028ba52e8 0x30028ba53d8 0x0 3 8035 0 0 0 0 0 0 0 0 0 0
ce3 0x30000064030 0x30007e3bca8 0x30007e3bd98 0x0 2 800 14 162717 7921 0 0 0 0 0 0 0
QIF1 0x0 0x30007d9cfd0 0x30007d9d0c0 0x0 1 806 0 21 22 0 0 0 0 0 0 0


output of netstat -r

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
180.144.0.0 sf44ce21 U 1 79 ce3:1
180.144.0.0 sf44ce21 U 1 0 ce3
180.144.0.0 sf44ce21 U 1 0 ce3:2
180.144.0.0 sf44ce21 U 1 23 ce2
224.0.0.0 sf44ce21 U 1 0 ce3:1
default 180.144.1.254 UG 1 259
localhost localhost UH 124 545190 lo0

Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------ -----
fe80::/10 fe80::203:baff:feb2:32f4 U 1 5 ce1
fe80::/10 fe80::203:baff:feb2:32f7 U 1 0 ce4
fe80::/10 sf44ce21 U 1 5 ce2
2100::/10 sf44ce21-admin U 1 2 ce1:1
2100::/10 sf44ce21-backup U 1 0 ce4:1
2100::/10 sf44ce21 U 1 0 ce3:1
ff00::/8 fe80::203:baff:feb2:32f4 U 1 0 ce1
localhost localhost UH 4 355 lo0
-----------------------------------------------------------------------------------

output of #ipfstat -6io

[EMAIL PROTECTED]> ipfstat -6io
empty list for ipfilter(out)

Best Regards
Pradeep Reddy
block in quick from any to 2106:22:188:252:0:66:1:1/10 port = 21



Have a Nice day   
pradeep reddy

