On Friday 04 August 2006 13:13, Fabian Keil wrote: > Max Laier <[EMAIL PROTECTED]> wrote: > > On a box running sshd (or something listening on an inet6 tcp port) > > load the following ruleset: > > > > pass quick on lo0 all > > pass quick on bge0 inet all > > block drop log all > > pass in log-all on bge0 inet6 proto tcp from any to 3000::1 port = ssh \ > > flags S/SA keep state > > > > where bge0 is a real interface and 3000::1 is configured on that > > interface. Then try "telnet 3000::1 22" and see if it works and > > provide me with the a tcpdump from pflog0 during the connection > > attempt - whether it works or not. > > On OpenBSD 3.9 with GENERIC kernel and the following ruleset: > > pass log quick on lo0 all > pass quick on ne3 inet all > block drop log all > pass in log (all) on ne3 inet6 proto tcp from any to 3000::1 port = ssh > flags S/SA keep state > > [added "log" in the first line and changed "log-all" to "log (all)" in the > last one] > > telnet works and the log shows: > Aug 04 13:07:08.201358 rule 0/(match) pass out on lo0: [|ip6] > Aug 04 13:07:08.201772 rule 0/(match) pass in on lo0: [|ip6] > Aug 04 13:07:08.204606 rule 0/(match) pass out on lo0: [|ip6] > Aug 04 13:07:08.205024 rule 0/(match) pass in on lo0: [|ip6] > Aug 04 13:07:08.205758 rule 0/(match) pass out on lo0: [|ip6] > Aug 04 13:07:08.205867 rule 0/(match) pass in on lo0: [|ip6] > Aug 04 13:07:08.954137 rule 0/(match) pass out on lo0: [|ip6] > Aug 04 13:07:08.954581 rule 0/(match) pass in on lo0: [|ip6] > Aug 04 13:07:09.150295 rule 0/(match) pass out on lo0: [|ip6] > Aug 04 13:07:09.150509 rule 0/(match) pass in on lo0: [|ip6] > Aug 04 13:07:37.841839 rule 0/(match) pass out on lo0: [|ip6] > Aug 04 13:07:37.842188 rule 0/(match) pass in on lo0: [|ip6] > [...] > > Is that enough information, or do you need the actual binary > file?
No, that's fine. Thanks a lot. -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News
pgpyyRaXR33yN.pgp
Description: PGP signature