Re: Updated IPFilter to version 5.1.2 in -current

To: Robert Swindells <rjs%fdy2.co.uk@localhost>
Subject: Re: Updated IPFilter to version 5.1.2 in -current
From: Darren Reed <darrenr%netbsd.org@localhost>
Date: Thu, 26 Jul 2012 20:27:40 +1000

Robert Swindells wrote:

Darren Reed wrote:

On the weekend I upgraded the IPFilter source code in -current from
5.1.1 to 5.1.2. This represents a serious effort in both test development
and bug fixing to the point that I'm more confident of it than what is
present in 6.0. I would love to hear back from those that are able to
upgrade, especially if you have had problems relating to the FTP proxy
in the past.


I just updated my router and it seems to be working in the same way
as the old version. I haven't built any packages yet though which is
the main way that I would use FTP.

Do you have any plans to update the sample rules files to show how to
mix IPv4 and IPv6 filters ?


I should do that.

Meanwhile...

If a rule does not mention "inet" or "inet6" then it will
default to "inet" (ipv4) if there are any layer 3 or layer
4 protocol matching bits.

e.g.
pass in proto tcp all

will only match ipv4 TCP packets but

pass in all

will match both IPv4 and IPv6 packets.
To match IPv6 packets, add "inet6" before "proto", e.g.:

pass in inet6 proto tcp all

Darren

References:
- Updated IPFilter to version 5.1.2 in -current
  - From: Darren Reed
- Re: Updated IPFilter to version 5.1.2 in -current
  - From: Robert Swindells

Prev by Date: daily CVS update output
Next by Date: Re: build simply stops
Previous by Thread: Re: Updated IPFilter to version 5.1.2 in -current
Next by Thread: daily CVS update output
Indexes:

Home | Main Index | Thread Index | Old Index