[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPF filtering of encapsulated IPv6 packets?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: IPF filtering of encapsulated IPv6 packets?
From: Pete Toscano <pete_(_at_)_research_(_dot_)_netsol_(_dot_)_com>
Date: Fri, 31 Aug 2001 14:12:30 -0400
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

Hello,

I sent this to the ipv6_(_at_)_openbsd list yesterday, but seeing how low the
traffic is, I'm guessing that it's nearly dead.  I hope it's not too
inappropriate for me to report on this list.

I have a IPv6-in-IPv4 tunnel to the 6Bone.  My side of the tunnel is an
OpenBSD (2.9-stable) box.  This tunnel is gif0.  I have another tunnel
for internal network use (gif1) and a directly attached IPv6 network
(off xl0, the tunnels are off dc0).

My problem is exactly the same as Rob Mooney's from 2001.03.09
(http://www.sigmasoft.com/~openbsd/archive/openbsd-ipv6/200103/msg00000.html)
-- I can filter IPv4 just fine, but I cannot filter on IPv6 content.  If
I put IPv6 filters (ipf -6) on dc0, then they just get ignored.
Tcpdump-ing on the gif interfaces just shows outgoing traffic.  Heck,
even blocking all IPv6 traffic out of xl0 gets ignored:

[root_(_at_)_foo6 12:09:25 /root]# ipfstat -6ho
0 block out log from any to any
0 block out on xl0 from any to any

My IPv4 filters allow ICMP protocol 0x29 (41) in, but I cannot figure
out how to filter any IPv6.

Would someone please help me?  Getting filtering up is necessary for
this project and I _really_ want to keep using OpenBSD.

Thanks,
pete


-- 
Pete Toscano            pete_(_at_)_research_(_dot_)_netsol_(_dot_)_com            703.948.3364

Prev by Date: Re: first cvs patch update
Next by Date: Re: kernel compile problem ( it may be very stupid :-)
Previous by thread: Re: first cvs patch update
Next by thread: dns for internal machines
Index(es):
- Date
- Thread

Visit your host, monkey.org