From owner-FreeBSD-users-jp@jp.FreeBSD.org Fri Jan  3 21:53:07 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id h03Cr7Y89342;
	Fri, 3 Jan 2003 21:53:07 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from plum.freemail.ne.jp (plum.freemail.ne.jp [210.235.164.88])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with SMTP/inet id h03Cr6G89337
	for <freebsd-users-jp@jp.freebsd.org>; Fri, 3 Jan 2003 21:53:06 +0900 (JST)
	(envelope-from fwtec@plum.freemail.ne.jp)
Received: (qmail 27890 invoked by alias); 3 Jan 2003 21:53:04 +0900
Received: (qmail 27878 invoked from network); 3 Jan 2003 21:53:03 +0900
Received: from unknown (HELO ?192.168.1.6?) (61.121.18.217)
  by plum.freemail.ne.jp with SMTP; 3 Jan 2003 21:53:03 +0900
From: Yuji Tanaka <fwtec@plum.freemail.ne.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
Message-Id: <20030103215505.791C.FWTEC@plum.freemail.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.05.06
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Fri, 03 Jan 2003 21:56:49 +0900
X-Sequence: FreeBSD-users-jp 72777
Subject: [FreeBSD-users-jp 72777] 4.6.2-p5 =?ISO-2022-JP?B?GyRCJEcbKEI=?=
 IPv6 =?ISO-2022-JP?B?GyRCJEsbKEI=?= IPFilter
 =?ISO-2022-JP?B?GyRCJHI7SE1RJDkka0p9SyEkTyQiJGokXiQ7JHMbKEI=?=
 =?ISO-2022-JP?B?GyRCJCsbKEI=?= ?
Errors-To: owner-FreeBSD-users-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: fwtec@plum.freemail.ne.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+021231


FreeBSD 4.6.2-p5 $B$r;HMQ$7$F(B IPv6 $B@\B34D6-$r:n@.$7$h$&$H$7$F$$$^$9!#(B
$B$^$:$O$^$C$?$/%U%#%k%?%j%s%0$r$7$F$J$$>uBV(B(options IPFILTER $B$b(B options
IPFIREWALL, options IPV6FIREWALL$B$b$J$$>uBV(B)$B$G$O(B 6to4 $B4D6-$G@\B3$G$-$^$7(B
$B$?!#(B

$B$=$N8e!"AGDL$7$G$O?4G[$J$N$G(B IPFILTER $B$G(B IPv6 $B$r%U%#%k%?%j%s%0$r$7$h$&(B
$B$H$7$?$i(B ipf $B%3%^%s%I$*$h$S(B ipftest $B%3%^%s%I$,(B IPv6 $B$N8D=j$G%(%i!<$K$J(B
$B$j$^$7$?!#$o$?$7$,:n@.$7$?%k!<%k$,$$$1$J$$$N$+$H$*$b$$!"(Bmkfilters $B$G:n(B
$B@.$7$?%k!<%k$r$=$N$^$^DL$7$F$_$^$7$?$,F1$8%(%i!<$K$J$j$^$7$?!#(B

/usr/src/contrib/ipfilter $B$rE83+(B
perl /usr/src/contrib/ipfilter/mkfilters > ipf.ipv6
ipf -Fa -f ipf.ipv6
12: can't resolve hostname: inet6
12: bad host (inet6)
15: can't resolve hostname: inet6
15: bad host (inet6)
16: can't resolve hostname: inet6
16: bad host (inet6)

12$B9TL\(B
block out from any to  inet6 fe80::7c8e:d4e8:7a0:6662%faith0 prefixlen 64 scope
id 0x2 /32 group 250
15$B9TL\(B
block in from   inet6 fe80::7c8e:d4e8:7a0:6662%faith0 prefixlen 64 scopeid 0x2 /
32 to any group 200
16$B9TL\(B
block in from   inet6 fe80::260:97ff:fe44:1671%ep0 prefixlen 64 scopeid
0x6 /0xf
fffff00 to any group 200

bad host (inet6) $B$G8!:w$7$F$_$k$H!"(BSolaris $B$N$b$N$G$7$?$,!"(Binet6 $B$N(B
$B%-!<%o!<%I$OH4$/I,MW$,$"$k$b$N$r8+$D$1$F$d$C$F$_$^$7$?$,!"$d$O$j%"%I%l%9(B
$BIt$G%(%i!<$K$J$C$F$7$^$$$^$9!#(B

$B;29M(BURL: http://false.net/ipfilter/2002_02/0206.html
$B7k2L(B
ipf -Fa -f ipf.ipv6
12: can't resolve hostname: fe80::7c8e:d4e8:7a0:6662%faith0
12: bad host (fe80::7c8e:d4e8:7a0:6662%faith0)
15: can't resolve hostname: fe80::7c8e:d4e8:7a0:6662%faith0
15: bad host (fe80::7c8e:d4e8:7a0:6662%faith0)
16: can't resolve hostname: fe80::260:97ff:fe44:1671%ep0
16: bad host (fe80::260:97ff:fe44:1671%ep0)

2000/1 $B;~E@$H$A$g$C$H8E$+$C$?$N$G$9$,!"Ev;~$N(B NetBSD $B$G$O(BIPFilter $B$,(BIPv6
$B$KBP1~$7$F$$$J$$$?$a$K$3$N%a%C%;!<%8$,$G$F$$$?$h$&$G$9!#(B

$B;29M(BURL: http://mail-index.netbsd.org/current-users/2000/01/10/0043.html

FreeBSD 4.5R $B$N%j%j!<%9%N!<%H$K0J2<$N$h$&$K=q$+$l$F$$$k$N$G(B 4.6.2 $B$G$OBP(B
$B1~$7$F$$$k$h$&$K$*$b$($^$9!#(B

IPFilter now supports IPv6.

$B%=!<%9$r$_$k$H(B Makefile $BCf$N(B-DUSE_INET6 $B$OL$Dj5A$K$J$C$F$$$?$N$GBP1~(B
$B$5$l$F%3%s%Q%$%k$5$l$F$$$J$$$h$&$K$_$($^$9!#$@$a$b$H$G$3$N%3%a%s%H$r(B
$B30$7$F%3%s%Q%$%k$7$F$_$^$7$?$,$d$O$jF1$8%(%i!<%a%C%;!]%8$,$G$F$7$^$C(B
$B$F$$$^$9!#(B

4.6.2-p5 $B$N(B IPFilter $B$G(B IPv6 $B$r%U%#%k%?%j%s%0(B($BDL$9(B?)$B$K$O$I$N$h$&$K$7$?(B
$B$i$$$$$N$G$7$g$&$+(B?

$B%P!<%8%g%s(B

# uname -r
4.6.2-RELEASE-p5

# ipf -V
ipf: IP Filter: v3.4.27 (336)
Kernel: IP Filter: v3.4.27
Running: yes
Log Flags: 0 = none set
Default: block all, Logging: available
Active list: 0

/usr/src/contrib/ipfilter/Makefile
#
# Uncomment this when building IPv6 capability.
#
#INET6=-DUSE_INET6
#

---
Kernel $B$N(B config $B%U%!%$%k$+$i(B IPv6 $BIt$rH4?h(B
# grep -i -e IPFILTER -e IPV6 VPNGW
options         INET6                   #IPv6 communications protocols
# comment out for IPFILTER
options         IPFILTER                #ipfilter support
options         IPFILTER_LOG            #ipfilter logging
options         IPFILTER_DEFAULT_BLOCK  #block all packets by default
pseudo-device   gif             # IPv6 and IPv4 tunneling
pseudo-device   faith   1       # IPv6-to-IPv4 relaying (translation)
pseudo-device   stf                     #6to4 IPv6 over IPv4 encapsulation

rc.conf $B$+$i(B IPv6 $B$rH4?h(B
# grep v6 rc.conf
ipv6_enable="YES"               # Set to YES to set up for IPv6.
ipv6_gateway_enable="YES"       # Set to YES if this host will be a gateway.
#ipv6_defaultrouter="2002:caff:2d05::1" # Set to IPv6 default gateway (or NO).
---

---
ifconfig
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet6 fe80::7c8e:d4e8:7a0:6662%faith0 prefixlen 64 scopeid 0x2
stf0: flags=1<UP> mtu 1280
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ep0: flags=a843<UP,BROADCAST,RUNNING,SIMPLEX,LINK1,MULTICAST> mtu 1500
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::260:97ff:fe44:1671%ep0 prefixlen 64 scopeid 0x6
        ether 00:60:97:44:16:71
        media: Ethernet 10baseT/UTP
---

$B%m!<%I$G%(%i!<$K$J$k$N$G(B ipfstat $B$O$"$j$^$;$s!#(B

--
Yuji Tanaka


