[OpenIndiana-discuss] IP Filter and IPv6
Jeppe Toustrup
openindiana at tenzer.dk
Wed Nov 23 14:13:22 UTC 2011
Hi

It seems like I am hitting a bug concerning IPv6 and IP Filter. I have
created a very simple IPv6 firewall in /etc/ipf/ipf6.conf, which
basically only allows incoming ICMP pings and SSH:

# Default policies
pass out all keep state
block in all

# Allow ICMP
pass in quick proto ipv6-icmp all keep state

# Allow SSH
pass in quick proto tcp from any to any port = 22 keep state

The problem is that whenever the machine is started up with IP Filter
enabled, I cannot contact it over IPv6 until I have stopped and
started IP Filter ("svcadm restart ipfilter" is not enough).

I have checked the output of "ipfstat -nio6" both before and after IP
Filter has been stopped and started, and there are no differences in
the output.

I am thinking this may be a timing issue, but I don't know how I could
troubleshoot this further. This is on OpenIndiana b151a, and I see it
on two separate machines.

--
Venlig hilsen / Kind regards
Jeppe Toustrup (aka. Tenzer)