我努力在我的FreeBSD 10服务器上允许IPv6连接。
我有一个工作的IPv6连接。 但IPFW会阻止所有IPv6stream量。
#!/bin/sh # # flush existing rules ipfw -q flush # allow established connections ipfw -q add 1 check-state # allow loopback traffic ipfw -q add 2 allow all from any to any via lo0 # allow previously established TCP connections ipfw -q add 3 allow tcp from any to any established # # public services inbound: 22/tcp (SSH) and 80/tcp (HTTP) ipfw -q add 60100 set 1 allow tcp from any to me 22 in setup keep-state ipfw -q add 60101 set 1 allow tcp from any to me 80 in setup keep-state # # allow all traffic going out ipfw -q add 200 set 1 allow udp from me to any out keep-state ipfw -q add 201 set 1 allow tcp from me to any out setup keep-state # # allow common ICMP types in and out ipfw -q add 400 set 1 allow icmp from me to any icmptypes 0,3,8,11,12,13,14 ipfw -q add 401 set 1 allow icmp from any to me icmptypes 0,3,8,11,12,13,14 # # allow tcp connections out on backup interface ipfw -q add 500 set 1 allow tcp from any to any out via re1 setup keep-state # # deny everything else coming in #ipfw -q add 999 set 1 deny all from any to any 如何在此设置中为http和imcp启用IPv6? 提前致谢!
您的IPv6stream量不符合任何规则,因此与最后一条规则相匹配,这是明确的拒绝规则。
首先,您需要确保IPFW处理IPv6stream量。 这是通过使用sysctl来实现的:
sysctl net.inet.ip.fw.enable=1
IPFW支持各种IPv6特定的关键字,比如me6而不是me 。 所以你可能想添加如下的规则:
ipfw -q add 60102 set 1 allow tcp from any to me6 80 in setup keep-state ipfw -q add 60103 set 1 allow tcp from any to me6 22 in setup keep-state
有关此主题的更多信息,可以参考ipfw(8)手册页上的RULE FORMAT部分: https : ipfw(8)