Re: openbsd 3.2, pf, and ipv6 tunnels

From: Richard Welty (rweltyaverillpark.net)
Date: Sun Aug 03 2003 - 09:37:28 CDT


On Sun, 03 Aug 2003 13:38:51 +0200 "Asbjorn L. Johansen" <notsanesveitt.org> wrote:
> Shouldn't you have a rule like this:
> pass in [log] quick on $ext_if inet proto ipv6 from $tbipv4 to $ext_addr
 
> That is what I had to use to get tunneled ipv6 traffic through.

i shouldn't need a rule that broad to get icmp echo reply through, but i
gave it a shot anyway. since i wasn't sure what you intended by $tbipv4 and
$ext_addr, i put in any/any for 10 seconds to see if the echo replies
started getting through:

pass in log quick on $ext_if inet6 proto ipv6 from any to any

they did not, they're still falling through and getting blocked by the
catchall blocking rule.

richard
--
Richard Welty rweltyaverillpark.net
Averill Park Networking 518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
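
The two rules in this exchange differ in address family, which decides what each one matches. The pf.conf fragment below is an added example, not part of the original thread; the interface names, the addresses (documentation ranges), the reading of $tbipv4 and $ext_addr, and the use of a gif(4) tunnel interface are all assumptions.

```conf
# Added example, not from the original thread. All values are constructed.
ext_if   = "fxp0"            # assumed physical external interface
tun_if   = "gif0"            # assumed 6in4 tunnel interface
ext_addr = "192.0.2.10"      # assumed meaning: firewall's external IPv4 address
tbipv4   = "198.51.100.1"    # assumed meaning: tunnel broker's IPv4 endpoint

# Catch-all: block and log anything no later rule passes.
block in log all

# 1. Encapsulated traffic on the physical interface.
#    A 6in4 packet is an IPv4 packet carrying IP protocol 41 ("ipv6"),
#    so the address family is inet. Limit it to the tunnel peer.
pass in  quick on $ext_if inet proto ipv6 from $tbipv4 to $ext_addr
pass out quick on $ext_if inet proto ipv6 from $ext_addr to $tbipv4

# For comparison only: with inet6, "proto ipv6" matches IPv6 packets whose
# next header is 41 (IPv6 in IPv6), not the IPv4-encapsulated packets above.
# pass in log quick on $ext_if inet6 proto ipv6 from any to any

# 2. Decapsulated traffic on the tunnel interface.
#    The inner ICMPv6 packets are filtered as inet6 on $tun_if.
#    Keeping state on the outgoing echo request admits the matching reply
#    without a broad inbound pass rule.
pass out quick on $tun_if inet6 proto ipv6-icmp all icmp6-type echoreq keep state
```

Running `pfctl -n -f` on the file parses the ruleset without loading it.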