From: Thorsten Sauter (t.sauterviastore.de)
Date: Tue Apr 02 2002 - 08:29:04 CST


    Hi,

    Hmm: pass out quick on xl0 inet6 proto tcp all
    There is the "quick" attribute given, so the rule should match all
    inet6/tcp packets and ignore all other rules.
    The last rule should never be parsed...

    Bye
    Thorsten

    > -----Original Message-----
    > From: Daniel Hartmeier [mailto:danielbenzedrine.cx]
    > Sent: Tuesday, 2 April 2002 16:23
    > To: Thorsten Sauter
    > Subject: Re: OpenBSD PF-Filter with IPv6
    >
    >
    > On Tue, Apr 02, 2002 at 04:00:12PM +0200, Thorsten Sauter wrote:
    >
    > > 1: pass out quick on xl0 proto tcp all
    > > 2: pass out quick on xl0 inet6 proto tcp all
    > > 3: block out log quick on xl0 all
    > >
    > > The first rule matches all outgoing tcp packets for inet. And
    > > the second should match (allow) all outgoing inet6 tcp packets,
    > > but doesn't. :(
    > > The ipv6 packets will always be blocked by the third rule.
    >
    > Of course. Rules are evaluated top to bottom, and the last
    > matching rule is used. You have two choices: either move the
    > block rule to the top, so the pass rules 'override' it for
    > outgoing tcp packets, or add 'quick' to the pass rules, so rule
    > set evaluation stops when a packet matches those rules. This is
    > basic rule evaluation procedure, not specific to IPv6.
    >
    > > Any suggestion? Is there an online tutorial for pf and inet6?
    > > The man page does not say much about ipv6 packets.
    >
    > See the link section at the bottom of
    > http://www.benzedrine.cx/pf.html.
    >
    > Daniel
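
    The evaluation semantics Daniel describes above (last matching rule wins, unless a matching rule carries `quick`, which stops evaluation) can be checked against the three-rule set from the thread with a small simulator. The following is an added example, not code from this thread or from pf itself: a toy model of pf.conf rule evaluation that understands only the keywords used in the posted rules (`pass`/`block`, `in`/`out`, `log`, `quick`, `on <iface>`, `inet`/`inet6`, `proto <x>`, `all`). It treats a rule with no address family as matching both inet and inet6, and it models the stated semantics only; it does not reproduce whatever Thorsten's 2002 pf actually did with these rules.

```python
"""Toy model of pf rule-set evaluation (added illustration, not pf code).

Semantics modelled, as explained in the thread:
  * rules are evaluated top to bottom;
  * the LAST matching rule decides the action;
  * a matching rule marked 'quick' stops evaluation immediately;
  * a packet that matches no rule is passed (pf's default).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    iface: str       # e.g. "xl0"
    af: str          # "inet" or "inet6"
    proto: str       # e.g. "tcp", "udp"


@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "block"
    direction: str           # "in" or "out"
    iface: Optional[str]     # None = any interface
    af: Optional[str]        # None = either address family
    proto: Optional[str]     # None = any protocol
    quick: bool
    log: bool
    text: str                # original rule line, kept for reporting


def parse_rule(line: str) -> Rule:
    """Parse the small pf.conf subset used in the thread's rules."""
    tokens = line.split()
    action, direction = tokens[0], tokens[1]
    iface = af = proto = None
    quick = log = False
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "quick":
            quick = True
        elif tok == "log":
            log = True
        elif tok == "on":
            i += 1
            iface = tokens[i]
        elif tok in ("inet", "inet6"):
            af = tok
        elif tok == "proto":
            i += 1
            proto = tokens[i]
        elif tok == "all":
            pass  # "all" = any source/destination, nothing to record
        else:
            raise ValueError(f"unsupported token {tok!r} in {line!r}")
        i += 1
    return Rule(action, direction, iface, af, proto, quick, log, line)


def matches(rule: Rule, pkt: Packet) -> bool:
    """A None field in the rule is a wildcard for that packet attribute."""
    return (rule.direction == pkt.direction
            and rule.iface in (None, pkt.iface)
            and rule.af in (None, pkt.af)
            and rule.proto in (None, pkt.proto))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, int]:
    """Return (action, 1-based rule number) that decides pkt; (pass, 0) if none matched."""
    winner = ("pass", 0)
    for idx, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            winner = (rule.action, idx)   # last match wins so far ...
            if rule.quick:
                break                     # ... unless it is 'quick'
    return winner


# Constructed rule sets for the illustration.
POSTED = [  # the three rules as posted in the thread
    "pass out quick on xl0 proto tcp all",
    "pass out quick on xl0 inet6 proto tcp all",
    "block out log quick on xl0 all",
]
WITHOUT_QUICK = [r.replace(" quick", "") for r in POSTED]
BLOCK_FIRST = WITHOUT_QUICK[2:] + WITHOUT_QUICK[:2]   # Daniel's other fix

V6_TCP = Packet("out", "xl0", "inet6", "tcp")   # the packet Thorsten asks about
V6_UDP = Packet("out", "xl0", "inet6", "udp")   # a packet no pass rule covers


def verdicts(rule_lines: List[str], pkt: Packet) -> Tuple[str, int]:
    return evaluate([parse_rule(r) for r in rule_lines], pkt)


if __name__ == "__main__":
    for name, rs in (("posted", POSTED), ("no quick", WITHOUT_QUICK), ("block first", BLOCK_FIRST)):
        for pkt in (V6_TCP, V6_UDP):
            action, n = verdicts(rs, pkt)
            print(f"{name:12} {pkt.af}/{pkt.proto}: {action} (rule {n})")
```

Running it shows the point of the reply: with `quick` stripped, the outgoing inet6/tcp packet is decided by rule 3 (`block`) because it is the last match; moving the block rule to the top lets the later pass rules win; and with `quick` present, evaluation stops at the first matching pass rule.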