Subject: Re: IPFilter IPv6 configuration
To: Darren Reed <darrenr@NetBSD.org>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-net
Date: 04/05/2005 21:27:49
On Tue, Apr 05, 2005 at 03:34:08PM +0000, Darren Reed wrote:
> 
> For those that use IPFilter with IPv6 on NetBSD, does the current
> configuration cause any problems for you?

No

> 
> Do you edit ipf.conf and forget to edit ipf6.conf or vice versa?

It can happen, but I'm not sure a merged ipf.conf would fix this in my case.

> 
> Are there interaction issues or reporting problems needing to
> remember -6?

There are, but it's not an issue. The problem is with v4, or with v6,
so you have to use -6 or not. It can make things easier, in fact :)

> 
> If there was just a single configuration file, ipf.conf, that
> contained all IP (IPv4/6) firewall rules, would this make life
> easier or harder?
> 
> If you were forced to manually transition your current system
> layout with both ipf.conf and ipf6.conf, would this be a serious
> issue?

The way my rules are made it wouldn't change much: there would just be one
part for v4 and one part for v6, instead of a merged file.

> 
> One other question, if NAT were to support IPv6 also, would you
> expect an ipnat6.conf or for it to all fit in ipnat.conf?

The way things are currently done, I would expect an ipnat6.conf, but if
there is a merged ipf.conf file, I would expect a single ipnat.conf.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference