Re: npf over ipv6

[triaxx%NetBSD.org@localhost]

Le 27/06/2024 à 22:19, Michael van Elst a écrit :
> triaxx%NetBSD.org@localhost writes:
>
> > |         pass stateful out final all # id="2"
> > |         pass stateful in final family inet4 proto tcp flags S/FSRA to
> > 51.159.70.149 port 22 # id="3"
> > |         pass stateful in final family inet6 proto tcp flags S/FSRA to
> > 2001:bc8:1200:d:ec4:7aff:fe0d:b158 port 22 # id="4"
> > |         pass final on lo0 all # id="5"
> > |         block all apply "log" # id="6"
>
>
> > | uzqew% ssh -6 kyroz.triaxx.org
> > | ssh: connect to host kyroz.triaxx.org port 22: Operation timed out
>
>
> For IPv6 you also need to pass ipv6-icmp traffic, to handle
> neighbour detection (which would ARP for IPv4).
>
> 	pass final family inet6 proto ipv6-icmp all

I forgot it. It now connects. Thanks a lot.