Hi anomie,
The rule that you have told me is working, but what i want is icmptypes 128 (not 129)...
Because when I put 129, my gateway can't ping to anywhere.
Referred to IANA specification for icmptypes in IPv6:
- 128 means echo request
- 129 means echo reply
So, the best rule for my gateway is to implement 128.
This is my Rules:
cmd6="ip6fw -q add"
$cmd6 check-state
$cmd6 00501 allow ipv6-icmp from 2001::6:111 to any in icmptypes 128 via ed0
$cmd6 00502 deny ipv6-icmp from any to any in icmptypes 128 via ed0
Notes:
The word "me" is not used again in the ipv6. do you know why? because when i changed the word "any" to "me", the rule didn't work.
LAst question:
I don't know the rules to block ssh and telnet. I've already done this:
$cmd6 00503 allow tcp from 2001::6:111 to any 22,23 in via ed0
But after i display the
ip6fw list, i didn't find the rules for blocking ssh and telnet.
Thanks for your attention.