Re: netbsd-7 ipfilter failure?

To: 6bone%6bone.informatik.uni-leipzig.de@localhost
Subject: Re: netbsd-7 ipfilter failure?
From: christos%zoulas.com@localhost (Christos Zoulas)
Date: Wed, 12 Nov 2014 10:30:11 -0500

On Nov 12,  3:59pm, 6bone%6bone.informatik.uni-leipzig.de@localhost (6bone%6bone.informatik.uni-leipzig.de@localhost) wrote:
-- Subject: Re: netbsd-7 ipfilter failure?

| On Wed, 12 Nov 2014, Christos Zoulas wrote:
| 
| > Date: Wed, 12 Nov 2014 12:52:25 +0000 (UTC)
| > From: Christos Zoulas <christos%astron.com@localhost>
| > To: current-users%netbsd.org@localhost
| > Subject: Re: netbsd-7 ipfilter failure?
| > 
| > In article <Pine.NEB.4.64.1411121338240.5477%6bone.informatik.uni-leipzig.de@localhost>,
| > <6bone%6bone.informatik.uni-leipzig.de@localhost> wrote:
| >> I have already tested a configuration that only uses /etc/ipf.conf.
| >>
| >>    block in on ixg0 family inet
| >>    pass in on ixg0 family inet6
| >>
| >> The first line blocks all ipv4 traffic. It works.
| >> The second line should allow only ipv6 traffic. But the second line also
| >> re-allows ipv4 traffic. So I assume that the address family is not
| >> evaluated correctly.
| >
| > Why don't you make the first rule final?
| 
| block in on ixg0 family inet - it blocks ipv6 traffic too.

Ask Darren or use npf :-)

christos

References:
- Re: netbsd-7 ipfilter failure?
  - From: 6bone

Prev by Date: Re: netbsd-7 ipfilter failure?
Next by Date: Automated report: NetBSD-current/i386 build failure
Previous by Thread: Re: netbsd-7 ipfilter failure?
Next by Thread: Re: netbsd-7 ipfilter failure?
Indexes:

Home | Main Index | Thread Index | Old Index