by mail.netbsd.org with SMTP; 10 May 2000 07:58:23 -0000
	by darren2.lnk.telstra.net (8.9.1/8.8.7) id GAA25813;
	Wed, 10 May 2000 06:37:39 GMT
From: Darren Reed <darrenr@reed.wattle.id.au>
Message-Id: <200005100757.RAA02440@avalon.reed.wattle.id.au>
Subject: Re: IPv6 and ipf question...
In-Reply-To: <24396.957920188@coconut.itojun.org> from "itojun@iijlab.net" at "May 10, 0 09:56:28 am"
To: itojun@iijlab.net
Date: Wed, 10 May 2000 17:57:59 +1000 (EST)
Cc: mason@acheron.middleboro.ma.us, tech-security@netbsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

In some email I received from itojun@iijlab.net, sie wrote:
> 
> >Hi, all.
> >
> >Finding myself home and sick for the second day in a row, I decided to
> >muck about with IPv6 a bit. Freenet6 makes it trivially easy to get
> >a connection.
> >
> >Now that I have this working, I wonder if there's any documentation for
> >using ipf with IPv6...? My initial prodding hasn't found anything as yet.
> >I'm happy leaving gif0 up and running if I can filter it.
> 
> 	do you want to filter in IPv6 layer, or filter encapsulated packets?
> 	if the former, I'm not sure, not sure even if there's any...
> 	ask darren...

Use "ipf -6f <filename>" to load a file with IPv6 filter rules.

The rules must currently all use ipv6-addr[/mask] - it doesn't
suppoer gethostinfo() or anything like that to do name->ipv6
resolution yet.

"ipfstat -6io" to view loaded IPv6 filter rules.

IPv6 filter rules are completely separate to IPv4 rules.

Darren