Hi,
I'm fighting again with our Mobile IPv6 related rules. I have this now active:
block in on wm4 from any to any head 6904
# Allow everything out from our internal networks
pass in quick proto tcp from any to any flags S \
keep state keep frags group 6904
pass in quick proto udp from any to any \
keep state keep frags group 6904
pass in quick proto ipv6-icmp from any to any \
keep state group 6904
pass in quick proto ipv6-opts from any to any \
keep state group 6904
pass in quick proto esp from any to any \
keep state group 6904
I see this in the logs:
Sep 13 11:02:39 fw ipmon[406]: 11:02:38.755937 wm4 @0:38 b
2001:xxx:xxx:xxx:xxx:xxx:xxx:4b65 -> 2001:xxx:xxx:xxx::1 PR ipv6-opts len 40
(104) IN
So the packet is coming in on wm4 interface but it looks like it won't match
with any of the rules, therefore it falls back to my defaults rules (group 0,
rules 38). Any ideas why?
This is NetBSD/amd64 4.0_RC1 with IPF 4.1.23.
Martti
