Subject: ipfilter 3.4beta - ipv6 filtering.
To: None <>
From: Darren Reed <>
List: current-users
Date: 02/19/2000 16:15:15
A beta of the next IP Filter is now available, supporting filtering of
IPv6.  It will require a 1.4T or later kernel to work.  To install,
run "BSD/kupgrade" to update srcs under /sys and compile with INET6
uncommented in ipf3.4beta/Makefile.  At this stage, the user land
binaries need to be compiled depending on whether the kernel has
been built with "options INET6" or not.  There is no (planned) backward
binary compatibility, for the kernel, between this and earlier versions.

To load ipv6 filtering rules, "ipf -6f <filename>" and to view ipv6
rules loaded into the kernel "ipfstat -6io".  Statistics gathered
are global for both ipv4 & ipv6, as are options such as rule flushing,
(in)active, etc.

I would like to see this merged with -current, as 3.4, in time for 1.5,
once it has been tested enough so that people are happy (i.e. bugs ironed
out and documentation updated :).


> To:
> From: Darren Reed <>
> Subject: IP Filter 3.4beta
> Date: Sun, 20 Feb 100 10:56:45 +1100 (EST)
> There are a bundle of new features in 3.4 (and missing documentation O:-),
> but I'm not too keen to elaborate upon them yet except for IPv6.  I would
> really like people using Solaris8/*BSD to try out 3.4's IPv6 filtering.
> At present, NetBSD-current (as of 1.4T, with my pfil changes) is the only
> BSD upon which IPv6 filtering is supported.  I'd *really* like the other
> BSD platforms to adopt the NetBSD pfil method for installing filters.
> If that doesn't happen, you'll need to provide me with per-version patches
> to call IP Filter.  The only holes in IPv6 support are "to <if>" (BSD),
> "to <if>:<ip>" (BSD, Solaris) and NAT (not at all).  NAT is only really
> a problem because the ftp proxy is unavailable, otherwise, if you need
> address translation with IPv6 I'll visit you with a baseball bat in hand!
> >;-)
> Darren