Subject: ipf and IPv6
To: None <netbsd-users@netbsd.org>
From: Michael Kukat <michael@unixiron.org>
List: netbsd-users
Date: 10/08/2001 12:28:45
Hello,

For several days I have been playing around with IPv6 in NetBSD. So I also tried to
set up some filter rules with ipf for this. But there seem to be big problems
in ipf with really using these rules. Here is an example:

bash-2.05# ipf -6f -
block in on lo0 from any to any
block out on lo0 from any to any
bash-2.05# ping6 ::1
PING6(56=40+8+8 bytes) ::1 --> ::1
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.808 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.512 ms
^C

I would say this ping really shouldn't come through after the above rules.
IPv4 traffic is also open with these rules; if I leave out the -6 parameter, this
happens:

bash-2.05# ipf -f -
block in on lo0 from any to any
block out on lo0 from any to any
bash-2.05# ping localhost
PING localhost (127.0.0.1): 56 data bytes
ping: sendto: No route to host
^C
bash-2.05# ping6 ::1
PING6(56=40+8+8 bytes) ::1 --> ::1
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.82 ms
^C

So again, no IPv6 packets are blocked, but IPv4 traffic is correctly blocked
now.

Am I doing something wrong, or is this just a really evil problem in the
current configuration of ipf and IPv6 in NetBSD?

The system running is NetBSD-1.5.2; the same problems were encountered with NetBSD-1.5.

Any hints?

...Michael

-- 
visit http://www.bsdfans.org/   Home network powered by: NetBSD OpenBSD FreeBSD
Solaris HP-UX IRIX AIX MUNIX Tru64 Ultrix VMS SINIX Dolphin_Unix OpenStep MacOS