FreeBSD 10 IPFW IPv6

I am unable to allow IPv6 connections on my FreeBSD 10 server.
I have a working IPv6 connection, but IPFW blocks all IPv6 traffic.

#!/bin/sh
#
# flush existing rules
ipfw -q flush
# allow established connections
ipfw -q add 1 check-state
# allow loopback traffic
ipfw -q add 2 allow all from any to any via lo0
# allow previously established TCP connections
ipfw -q add 3 allow tcp from any to any established
#
# public services inbound: 22/tcp (SSH) and 80/tcp (HTTP)
ipfw -q add 60100 set 1 allow tcp from any to me 22 in setup keep-state
ipfw -q add 60101 set 1 allow tcp from any to me 80 in setup keep-state
#
# allow all traffic going out
ipfw -q add 200 set 1 allow udp from me to any out keep-state
ipfw -q add 201 set 1 allow tcp from me to any out setup keep-state
#
# allow common ICMP types in and out
ipfw -q add 400 set 1 allow icmp from me to any icmptypes 0,3,8,11,12,13,14
ipfw -q add 401 set 1 allow icmp from any to me icmptypes 0,3,8,11,12,13,14
#
# allow tcp connections out on backup interface
ipfw -q add 500 set 1 allow tcp from any to any out via re1 setup keep-state
#
# deny everything else coming in
#ipfw -q add 999 set 1 deny all from any to any

How can I enable IPv6 for HTTP and ICMP in this setup? Thanks in advance!

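Answer 1

Your IPv6 traffic does not match any of the rules, so it falls through to the last rule, which is an explicit deny rule.

First, you need to make sure that IPFW actually processes IPv6 traffic. This can be done by enabling it with sysctl: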

sysctl net.inet6.ip6.fw.enable=1

IPFW supports various IPv6-specific keywords, such as me6 instead of me. So you will probably want to add rules like these:

ipfw -q add 60102 set 1 allow tcp from any to me6 80 in setup keep-state
ipfw -q add 60103 set 1 allow tcp from any to me6 22 in setup keep-state

For more information on this topic, you may want to consult the RULE FORMAT section of the ipfw(8) man page: https://www.freebsd.org/cgi/man.cgi?query=ipfw#RULE_FORMAT
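
The following is an added example, not part of the original question or answer: it puts the answer's me6 rules next to an ICMPv6 rule, since the question also asked about ICMP and the `icmp`/`icmptypes` rules 400 and 401 only match ICMPv4. The rule number 402, the ICMPv6 type list, the `IPFW` override variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: IPv6 counterparts for the question's inbound TCP and ICMP rules.
# Rule number 402, the ICMPv6 type list and the helper names are assumptions.

IPFW="${IPFW:-ipfw}"    # set IPFW=echo to print the rules instead of loading them

fw() { $IPFW -q add "$@"; }

add_ipv6_rules() {
    # Inbound HTTP and SSH to this host's IPv6 addresses (rules from the answer).
    fw 60102 set 1 allow tcp from any to me6 80 in setup keep-state
    fw 60103 set 1 allow tcp from any to me6 22 in setup keep-state

    # ICMPv6 is a separate protocol (ipv6-icmp) with its own type numbers:
    #   1-4      error messages; type 2 (packet too big) is needed for path MTU discovery
    #   128,129  echo request / echo reply
    #   133-136  router and neighbor discovery, which IPv6 uses in place of ARP
    fw 402 set 1 allow ipv6-icmp from any to any icmp6types 1,2,3,4,128,129,133,134,135,136
}

# Load the rules only when explicitly asked, so the file can be dry-run first.
if [ "${1:-}" = "apply" ]; then
    sysctl net.inet6.ip6.fw.enable=1
    add_ipv6_rules
fi
```

Running the script with `IPFW=echo` and calling `add_ipv6_rules` prints the three rules for review; running it with the `apply` argument enables IPv6 processing and loads them.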
