inet6 | NPF | fbsd


NetBSD 6 had sporadic inet6 problems and someone recommended to
open traffic at fe80::/10 and ff00::/10, so I added this to npf.conf:

$link6 = { fe80::/10, ff00::/10 }
pass stateful out family inet6 proto ipv6-icmp from $link6
pass stateful in family inet6 proto ipv6-icmp to $link6

which fixed the inet6 lapses.

Every machine on this network is manually configured for inet6 and
I am familiar with fe80::/10 but what is ff00::/10?

It has been a few years since I studied inet6- mostly use it.

Also, does someone know what is happening with NetBSD that is not
going on with FreeBSD regarding inet6 traffic?  On FreeBSD, ipfw
shows inet6 traffic like this:

0        0 allow log ipv6-icmp from :: to ff02::/16
0        0 allow log ipv6-icmp from fe80::/10 to fe80::/10
0        0 allow log ipv6-icmp from fe80::/10 to ff02::/10
13935   952840 allow log ipv6-icmp from any to any \
        ip6 icmp6types 1,2,128,129,135,136

so it seems like there is no link-local traffic while about 14
thousand packets have passed otherwise, even considering that ipfw
passes the first match and npf passes the last match.

Even if ssh is used to login to nbsd6, ipfw shows no inet6 traffic
other than manually-configured unicast.


