Subject: bin/36874: change of ipv6-icmp in pf.boot.conf
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <shinden@linux.pl>
List: netbsd-bugs
Date: 08/31/2007 18:20:00
>Number: 36874
>Category: bin
>Synopsis: change of ipv6-icmp in pf.boot.conf
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Aug 31 18:20:00 +0000 2007
>Originator: daniel horecki
>Release: 4.99.30
>Organization:
>Environment:
NetBSD tatooine.stars 4.99.30 NetBSD 4.99.30 (TATOOINE) #5: Mon Aug 27 17:01:21 CEST 2007 root@tatooine.stars:/usr/obj/sys/arch/i386/compile/TATOOINE i386
>Description:
In recent current, pf.boot.conf contains the wrong name for ipv6 icmp. It should be ipv6-icmp; now it's icmp6.
>How-To-Repeat:
During boot there are errors from pf_boot; loading the rules after boot doesn't work either:
tatooine# /sbin/pfctl -q -f /etc/defaults/pf.boot.conf
/etc/defaults/pf.boot.conf:27: unknown protocol icmp6
/etc/defaults/pf.boot.conf:28: unknown protocol icmp6
/etc/defaults/pf.boot.conf:29: unknown protocol icmp6
/etc/defaults/pf.boot.conf:30: unknown protocol icmp6
pfctl: Syntax error in config file: pf rules not loaded
>Fix:
This patch allows the rules to be loaded on boot:
--- usr.sbin/pf/etc/defaults/pf.boot.conf.orig 2007-08-28 20:54:32.000000000 +0200
+++ usr.sbin/pf/etc/defaults/pf.boot.conf 2007-08-28 20:55:04.000000000 +0200
@@ -24,7 +24,7 @@
pass out inet proto icmp all icmp-type echoreq keep state
# Allow IPv6 router/neighbor solicitation and advertisement.
-pass out inet6 proto icmp6 all icmp6-type neighbrsol
-pass in inet6 proto icmp6 all icmp6-type neighbradv
-pass out inet6 proto icmp6 all icmp6-type routersol
-pass in inet6 proto icmp6 all icmp6-type routeradv
+pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol
+pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
+pass out inet6 proto ipv6-icmp all icmp6-type routersol
+pass in inet6 proto ipv6-icmp all icmp6-type routeradv
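Review bot: The four replaced rules still name the protocol symbolically, so the file parses only while the name ipv6-icmp resolves on the target system, which is the same way icmp6 failed ("unknown protocol icmp6" at lines 27-30). Because a single parse error leaves the whole boot-time ruleset unloaded ("pf rules not loaded"), consider writing the protocol numerically (proto 58) in this file, or restoring icmp6 as a recognised name so that other rulesets using it do not break in the same way. A one-line comment above the rules saying why this spelling is used would also help prevent the name from being changed back.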