by mail.netbsd.org with SMTP; 11 May 2000 02:10:24 -0000
	by acheron.middleboro.ma.us (8.10.1/8.10.1) id e4B2A5Y07355;
	Wed, 10 May 2000 22:10:05 -0400 (EDT)
Date: Wed, 10 May 2000 22:10:05 -0400
From: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
To: Darren Reed <darrenr@reed.wattle.id.au>
Cc: itojun@iijlab.net, tech-security@netbsd.org
Subject: Re: IPv6 and ipf question...
Message-ID: <20000510221005.C3865@acheron.middleboro.ma.us>
References: <24396.957920188@coconut.itojun.org> <200005100757.RAA02440@avalon.reed.wattle.id.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <200005100757.RAA02440@avalon.reed.wattle.id.au>; from darrenr@reed.wattle.id.au on Wed, May 10, 2000 at 05:57:59PM +1000

On Wed, May 10, 2000 at 05:57:59PM +1000, Darren Reed wrote:

> Use "ipf -6f <filename>" to load a file with IPv6 filter rules.

Cool. So, I can get almost everything to work with:

	ipf -y -Fa -f /etc/ipf.conf -6f /etc/ipf6.conf

as long as I remember not to duplicate head rule numbers. :)

However, I have problems with a couple rules:

ac /etc# ipf -6f /etc/ipf6.conf
3: unknown words at end: [with ipopts ]
4: unknown words at end: [with short ]


This is from:

block in log quick all with ipopts
block in log quick all with short


Does this stuff not apply to IPv6 or something? I haven't done enough
reading about IPv6 to know what's different, honestly.


Another quick question: Is there a port scanner available that works
with IPv6? I'd like to set up either a work machine or a friend's box
and look at my home machine from the outside, via IPv6. (Paranoia is
good!) I suppose I can just do stuff by hand and trust that netstat is
showing me everything. :)

Anyway, thanks for the information, thanks for the cool software, and
thanks for integrating IPv6 support.

-- 
   Mason Loring Bliss   mason@acheron.middleboro.ma.us              E w i g e
awake ? sleep : dream;  http://acheron.ne.mediaone.net  B l u m e n k r a f t