On 13/07/16(Wed) 18:28, Quentin Rameau wrote: > > Hello there, > Hi, > > > Here is my patch that adds support for creating IPv6-only or > >IPv4-only bridges. This is different from simply blocking one of the > >protocols via PF - it allows you to create a setup where IPv4 is routed > >and IPv6 is bridged (or vice versa). Both of them being filtered by the > >same set of PF rules. It adds two new bridge port options to ifconfig - > >BLOCKIPV4 and BLOCKIPV6. BLOCKIPV4 also stops ARPs requests from > >"leaking" across the bridge - something I couldn't accomplish by PF alone. > > The patch breaks the binary compatibility of ifconfig - it must be > >rebuilt with the new kernel. > > I don't know if anyone will find any use for it. For sure it is > >very useful with the second-biggest FTTH/ADSL operator in France who > >offers consumer-grade IPv6 access with an indivisible /64 network that > >must be bridged for firewalling (and a single IPv4/32 address that must > >be NATted). > > Patch is against -current, any comments are welcome. > Thank you for that, I just found it and applyed a few hours ago. > This is indeed handy for that situation. > It's working fine ATM, I'll let you know if I stumble upon problems. > That'd be nice to see that merged!
As discussed with landry@ and sthen@ this won't be merged. Your problem could also be solved by using a NDP proxy, that's a solution we would recommend if your ISP cannot fix his setup.
