Re: netbsd-7 ipfilter failure?

To: Christos Zoulas <christos%astron.com@localhost>
Subject: Re: netbsd-7 ipfilter failure?
From: 6bone%6bone.informatik.uni-leipzig.de@localhost
Date: Wed, 12 Nov 2014 15:59:16 +0100 (CET)

On Wed, 12 Nov 2014, Christos Zoulas wrote:

Date: Wed, 12 Nov 2014 12:52:25 +0000 (UTC)
From: Christos Zoulas <christos%astron.com@localhost>
To: current-users%netbsd.org@localhost
Subject: Re: netbsd-7 ipfilter failure?

In article <Pine.NEB.4.64.1411121338240.5477%6bone.informatik.uni-leipzig.de@localhost>,
<6bone%6bone.informatik.uni-leipzig.de@localhost> wrote:

I have already tested a configuration that only uses /etc/ipf.conf.

   block in on ixg0 family inet
   pass in on ixg0 family inet6

The first line blocks all ipv4 traffic. It works.
The second line should allow only ipv6 traffic. But the second line also
re-allows ipv4 traffic. So I assume that the address family is not
evaluated correctly.


Why don't you make the first rule final?


block in on ixg0 family inet - it blocks ipv6 traffic too.

christos

Follow-Ups:
- Re: netbsd-7 ipfilter failure?
  - From: Christos Zoulas

References:
- Re: netbsd-7 ipfilter failure?
  - From: 6bone
- Re: netbsd-7 ipfilter failure?
  - From: Greg Troxel
- Re: netbsd-7 ipfilter failure?
  - From: 6bone
- Re: netbsd-7 ipfilter failure?
  - From: Christos Zoulas

Prev by Date: Re: netbsd-7 ipfilter failure?
Next by Date: Re: netbsd-7 ipfilter failure?
Previous by Thread: Re: netbsd-7 ipfilter failure?
Next by Thread: Re: netbsd-7 ipfilter failure?
Indexes:

Home | Main Index | Thread Index | Old Index