Hi,

>>>>> On Mon, 23 Nov 2009 12:55:25 -0500
>>>>> John Baldwin <jhb_at_freebsd.org> said:

I updated the patch.

jhb> I had missed the me vs any. It is true that the equivalent rule would use
jhb> me6. I would rather figure out the IPv6 bug so that TCP is treated the
jhb> same for both protocols instead of having a weaker firewall for IPv6 than
jhb> IPv4.

Yes, it is better, definitely. I thought that we could change to use a dynamic rule once it was fixed. Since the PR kern/117234 fixed it, I changed to use a dynamic rule for IPv6 as well. So, it requires the patch in the PR.

jhb> I do find the shorter version easier to read, and it matches the existing
jhb> style as well as the examples in the manual page, handbook, etc.

Okay, I changed 'ip6' to 'all' where we can use it, and stopped using 'proto xxx' where possible.

I reconsidered the oif vs oif6 and iif vs iif6 issue. Now, if $firewall_simple_oif_ipv6 is not set, $firewall_simple_oif is assumed for oif6, and if $firewall_simple_iif_ipv6 is not set, $firewall_simple_iif is assumed for iif6.

Further, I think we don't usually assign a global IPv6 address to oif. So, I made $firewall_simple_onet_ipv6 optional.

One more change is that DHCPv6 is allowed as well as IPv4 DHCP for the WORKSTATION type. I usually use DHCPv6; L2TP + DHCPv6 PD, DHCPv6 DNS option ...

Sincerely,

--
Hajimu UMEMOTO _at_ Internet Mutual Aid Society Yokohama, Japan
ume_at_mahoroba.org ume_at_{,jp.}FreeBSD.org
http://www.imasy.org/~ume/