Re: ipv6 and ipfw

On Mon, 9 Feb 2009 17:29:11 -0800 (PST)
gahn <ipfreak@yahoo.com> wrote:

> 
> Thanks Mark:
> 
> my machine would load the modules when the system boots up. here is my rc.conf:
> 
> firewall_enable="YES"
> firewall_script="/etc/ipfw.conf"
> firewall_logging="YES"
> 
> does that matter?

Your system's ipfw definitely supports ipv6. You can use the same
firewall script to set up ipv6 rules as well.

Note, however, that there's a different set of sysctl exists to
control ip6fw, namely net.inet6.ip6.fw. Thus to enable it at the
boot time you certainly need to add ipv6_firewall_enable="YES"
into your rc.conf. There're also a bunch of other IPv6 related
configurational options exist:
 ipv6_firewall_enable="NO"       # Set to YES to enable IPv6 firewall
                                 # functionality
 ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set
  up the IPv6 firewall
 ipv6_firewall_type="UNKNOWN"    # IPv6 Firewall type (see /etc/rc.firewall6)
 ipv6_firewall_quiet="NO"        # Set to YES to suppress rule display
 ipv6_firewall_logging="NO"      # Set to YES to enable events logging

-- 
Stanislav Sedov
ST4096-RIPE

!DSPAM:49eca46b967004490364599!

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"