Subject: bin/10269: /usr/share/examples/ipf/mkfilters is broken w.r.t. ipv6
To: None <gnats-bugs@gnats.netbsd.org>
From: Michael Graff <explorer@flame.org>
List: netbsd-bugs
Date: 06/02/2000 16:52:13
>Number: 10269
>Category: bin
>Synopsis: /usr/share/examples/ipf/mkfilters is broken w.r.t. ipv6
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jun 02 16:53:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Michael Graff
>Release: Thu Jun 1 18:58:50 PDT 2000
>Organization:
>Environment:
System: NetBSD poofball.flame.org 1.4Z NetBSD 1.4Z (POOFBALL) #2: Thu Jun 1 18:58:50 PDT 2000 root@poofball.flame.org:/amd/kechara/raid0/OS/NetBSD/src/sys/arch/i386/compile/POOFBALL i386
>Description:
mkfilters produces bogus output for ipv6 addresses:
#
# The following routes should be configured, if not already:
#
# route add inet6 3ffe:8050:201:1860:240:5ff:fe35:5eb7 prefixlen 64 localhost 0
# route add inet6 fe80::2a0:c9ff:fe5c:ba26%fxp0 prefixlen 64 scopeid 0x2 localhost 0
#
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
pass out on de0 all head 150
block out from 127.0.0.0/8 to any group 150
block out from any to 127.0.0.0/8 group 150
block out from any to inet6 3ffe:8050:201:1860:240:5ff:fe35:5eb7 prefixlen 64/32 group 150
pass in on de0 all head 100
block in from 127.0.0.0/8 to any group 100
block in from inet6 3ffe:8050:201:1860:240:5ff:fe35:5eb7 prefixlen 64/32 to any group 100
block in from inet6 fe80::2a0:c9ff:fe5c:ba26%fxp0 prefixlen 64 scopeid 0x2/0xfffffff0 to any group 100
pass out on fxp0 all head 350
block out from 127.0.0.0/8 to any group 350
block out from any to 127.0.0.0/8 group 350
block out from any to inet6 fe80::2a0:c9ff:fe5c:ba26%fxp0 prefixlen 64 scopeid 0x2/32 group 350
pass in on fxp0 all head 300
block in from 127.0.0.0/8 to any group 300
block in from inet6 fe80::2a0:c9ff:fe5c:ba26%fxp0 prefixlen 64 scopeid 0x2/32 to any group 300
block in from inet6 3ffe:8050:201:1860:240:5ff:fe35:5eb7 prefixlen 64/0xffffffc0 to any group 300
Also, it uses #!/usr/local/bin/perl at the top, which should be
#!/usr/pkg/bin/perl
>How-To-Repeat:
Run mkfilters on a host that has ipv6 interfaces configured.
>Fix:
None provided.
>Release-Note:
>Audit-Trail:
>Unformatted: