FreeBSD 10 IPFW IPv6

Question

我很难在我的FreeBSD 10服务器上允许FreeBSD连接。

我有一个正常工作的IPv6连接。但是IPFW阻塞了所有的IPv6流量。

#!/bin/sh
#
# flush existing rules
ipfw -q flush
# allow established connections
ipfw -q add 1 check-state
# allow loopback traffic
ipfw -q add 2 allow all from any to any via lo0
# allow previously established TCP connections
ipfw -q add 3 allow tcp from any to any established
#
# public services inbound: 22/tcp (SSH) and 80/tcp (HTTP)
ipfw -q add 60100 set 1 allow tcp from any to me 22 in setup keep-state
ipfw -q add 60101 set 1 allow tcp from any to me 80 in setup keep-state
#
# allow all traffic going out
ipfw -q add 200 set 1 allow udp from me to any out keep-state
ipfw -q add 201 set 1 allow tcp from me to any out setup keep-state
#
# allow common ICMP types in and out
ipfw -q add 400 set 1 allow icmp from me to any icmptypes 0,3,8,11,12,13,14
ipfw -q add 401 set 1 allow icmp from any to me icmptypes 0,3,8,11,12,13,14
#
# allow tcp connections out on backup interface
ipfw -q add 500 set 1 allow tcp from any to any out via re1 setup keep-state
#
# deny everything else coming in
#ipfw -q add 999 set 1 deny all from any to any

如何在此设置中为http和imcp启用IPv6？提前感谢！

Answer 1

您的IPv6通信量不匹配任何规则，因此匹配最后一个规则，这是一个显式的拒绝规则。

首先，您需要确保IPFW确实处理IPv6流量。这是通过使用sysctl启用它来完成的：

sysctl net.inet6.ip6.fw.enable=1

IPFW支持各种IPv6特定的关键字，比如me6而不是me。因此，您可能需要添加如下规则：

ipfw -q add 60102 set 1 allow tcp from any to me6 80 in setup keep-state
ipfw -q add 60103 set 1 allow tcp from any to me6 22 in setup keep-state

有关此主题的更多信息，请参阅ipfw(8)手册页上的规则格式部分：https://www.freebsd.org/cgi/man.cgi?query=ipfw#RULE_格式化。