dpk*_*dpk 2 freebsd firewall ipv6 pf
以下pf.conf(FreeBSD 10.3)似乎阻止了所有 IPv6 流量,我不知道为什么。
tcp_inbound = "{ ssh, domain, http, https }"
tcp_outbound = "{ domain, http, https, imaps, smtps }"
udp_services = "{ domain, ntp }"
block all
pass proto udp to any port $udp_services keep state
pass out proto tcp to any port $tcp_outbound keep state
pass in proto tcp to any port $tcp_inbound keep state
# from https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
table <github> { 192.30.252.0/22, 2620:112:3000::/44 }
pass out proto tcp to <github> port { ssh } keep state
pass proto icmp from any to any
如何在允许 IPv4 的相同服务上允许 IPv6 流量?我添加inet6了每个规则的明确版本,但似乎没有帮助。如果我禁用,pf则 IPv6 流量可以正常通过。
通过启用日志记录,我设法确定这是因为 ICMP6 路由器请求被阻止。添加
pass proto ipv6-icmp from any to any
到文件末尾修复了问题。