anomie, 10th June 2008

Ok, I think I see what you are saying. When you add that rule, you're not able to ping from that host (to anywhere) any more. But when you remove the rule it is working properly.

Now two things:
  1. You need to open up communication on the loopback interface. (So you will need another rule.)
  2. I don't see a way in ip6fw(8) to allow "stateful" ICMPv6 connections. And, to be honest, I am not an ICMPv6 expert by a long stretch, so maybe I am being silly to think it should exist.

WRT the second point, what I would suggest experimenting with is allowing in ICMPv6 echo replies. e.g.:
Code:
# ip6fw -q add 100 allow ipv6-icmp from any to any in icmptypes 129
I have not tested that rule, so you may need to tweak it. But I hope you can understand what I'm getting at. (See IANA specs for ICMPv6 type descriptions.)
__________________
Kill your t.v.
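The two points in the post above (a loopback rule, and an explicit allow for inbound echo replies because ip6fw filters ICMPv6 statelessly), put together as a dry-run script. This is an added example, not part of the original post and not tested by its author. Only rule 100 comes from the post; the other rule numbers, the function names, the outbound echo request rule and the neighbor discovery rule (types 135/136, which IPv6 uses for on-link address resolution) are assumptions.

```shell
#!/bin/sh
# Added example: stateless ICMPv6 allow rules for ip6fw(8).
# Rule numbers 50, 90 and 110 are constructed for illustration;
# rule 100 is the one suggested in the post.
# Dry run by default; set APPLY=1 to hand each rule to ip6fw.

# ICMPv6 types (IANA): 128 echo request, 129 echo reply,
# 135 neighbor solicitation, 136 neighbor advertisement.
icmp6_rules() {
    cat <<'EOF'
add 50 allow all from any to any via lo0
add 90 allow ipv6-icmp from any to any out icmptypes 128
add 100 allow ipv6-icmp from any to any in icmptypes 129
add 110 allow ipv6-icmp from any to any icmptypes 135,136
EOF
}

# Print each rule as the command that would run, or run it when APPLY=1.
apply_icmp6_rules() {
    while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            # $rule is left unquoted on purpose so it splits into arguments.
            ip6fw -q $rule || return 1
        else
            echo "ip6fw -q $rule"
        fi
    done <<EOF
$(icmp6_rules)
EOF
}

apply_icmp6_rules
```

Because nothing tracks state, a ping needs both rule 90 (request leaving) and rule 100 (reply returning); dropping either one breaks it.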