> Feel free to commit the change yourself.
Thank you. I've committed 1st patch and 3rd patch.
I think it is better removing the 'me6' microinstruction from the
kernel, and implement it in /sbin/ipfw by generating 'ip6 me'.
However, it seems to me that /sbin/ipfw is no
e servers will ping the IP while trying to decide if it's
# still in use.
@@ -525,21 +491,15 @@
for i in ${firewall_allowservices} ; do
for j in ${firewall_myservices} ; do
${fwcmd} add pass tcp from $i to me $j
- if [ $ipv6_available -eq 0 ]; then
- ${fwcmd} add pas
client case, but potentially workstation as well)
Good catch! The client type firewall rule allows DHCP, implicitly.
I've committed to allow DHCPv6 as well for the client type firewall.
Since the workstation type firewall rule explicitly allows DHCP, we
have the rule to allow DHCPv6 already
id_match(args->f_id.flow_id6,
Index: sys/netinet/ipfw/ip_fw_sockopt.c
===
--- sys/netinet/ipfw/ip_fw_sockopt.c (revision 200668)
+++ sys/netinet/ipfw/ip_fw_sockopt.c (working copy)
@@ -536,6 +536,8 @@
case O_VERSRCREACH:
case
te
+ if [ -n "$inet6" ]; then
+ ${fwcmd} add pass udp from me6 to any 53 keep-state
+ fi
# Allow NTP queries out in the world
${fwcmd} add pass udp from me to any 123 keep-state
+ if [ -n "$inet6" ]; then
+ ${fwcmd} add pass ud
or better regressing to the old "ip from
any to
joao> any" ?
It should work as expected, too. You need to pay attention to the use
of `ip', `ipv4' and `ipv6' with `proto' keyword.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Jap
Hi,
>>>>> On Mon, 20 Feb 2006 17:21:50 -0300
>>>>> JoaoBR <[EMAIL PROTECTED]> said:
joao> On Monday 20 February 2006 12:08, Hajimu UMEMOTO wrote:
> It was MFC'ed into RELENG_6:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/ipfw/ipfw2.
for me what ip6/ip4 tunneling has to do with diverting
It was MFC'ed into RELENG_6:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/ipfw/ipfw2.c.diff?r1=1.76.2.1&r2=1.76.2.2
The change is in meaning of `proto'. So, it is not only for `divert'.
Please refer to the commit log of above cha
The following reply was made to PR kern/93422; it has been noted by GNATS.
From: Hajimu UMEMOTO <[EMAIL PROTECTED]>
To: João <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], Hajimu UMEMOTO <[EMAIL PROTECTED]>
Subject: kern/93422: Re: ipfw divert rule
Date: Mon, 20 Feb 2006 1
Synopsis: [ipfw] ipfw2 no longer supports filtering IPv6-over-IPv4 on
6.0-RELEASE
State-Changed-From-To: open->patched
State-Changed-By: ume
State-Changed-When: Tue Nov 29 15:35:43 GMT 2005
State-Changed-Why:
I've just committed the fix into HEAD but slightly different way.
Thank you for reporti
The following reply was made to PR kern/89472; it has been noted by GNATS.
From: Hajimu UMEMOTO <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4
on 6.0-RELEASE
Date: Sun, 27 Nov 2005 14:20:37
The following reply was made to PR kern/89472; it has been noted by GNATS.
From: Hajimu UMEMOTO <[EMAIL PROTECTED]>
To: Gaël Roualland <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4 on
6.0-RELEA
The following reply was made to PR kern/89472; it has been noted by GNATS.
From: Hajimu UMEMOTO <[EMAIL PROTECTED]>
To: Gael Roualland <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], freebsd-ipfw@freebsd.org
Subject: Re: kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4 on
;& *proto != IPPROTO_IPV6)
+ if (strcmp(av, "ipv4") != 0 && strcmp(av, "ip4") != 0 &&
+ strcmp(av, "ipv6") != 0 && strcmp(av, "ip6") != 0)
fill_cmd(cmd, O_PROTO, 0, *proto);
return cmd;
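Review bot: The new `if` in front of `fill_cmd(cmd, O_PROTO, 0, *proto);` carries no comment saying why the keywords `ipv4`, `ip4`, `ipv6` and `ip6` skip the O_PROTO opcode, and when it is skipped `return cmd;` still runs with `cmd` not filled by this code. Please add a one-line comment stating the intent and confirm that the caller handles a cmd that was never filled here. Braces around the single-statement body would also make the two-line condition easier to read.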
The following reply was made to PR kern/88659; it has been noted by GNATS.
From: Hajimu UMEMOTO <[EMAIL PROTECTED]>
To: Jean-Yves Lefort <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: kern/88659: ipfw and ip6fw do not work properly as modules
Date: Wed, 09
15 matches