|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Rémi Guyomarch (rguyom
pobox.com)Date: Tue Apr 02 2002 - 21:04:13 CST
On Tue, Apr 02, 2002 at 05:25:36PM +0200, Thorsten Sauter wrote:
> Hallo,
>
> Daniel: np. :)
>
> The given rule is a little bit stripped from the original one...
> Here is the full rule:
> pass out quick on xl0 inet6 proto tcp all keep state
>
> And that's the output from tcpdump:
> $ traceroute6
> $ tcpdump -e -i pflog0
> 17:23:09.695983 rule 28/0(match): block out on xl0: [|tcp]
> (encap)
> 17:23:09.696416 rule 28/0(match): block out on xl0: [|tcp]
> (encap)
"(encap)"... hmm, isn't your IPv6 connection in fact a GIF tunnel or
something like that ? In this case you must filter on the
pseudo-interface instead of xl0.
-- Rémi
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]