下面的pf.conf (FreeBSD 10.3)似乎阻止了所有的IPv6stream量,我无法弄清楚为什么。
tcp_inbound = "{ ssh, domain, http, https }" tcp_outbound = "{ domain, http, https, imaps, smtps }" udp_services = "{ domain, ntp }" block all pass proto udp to any port $udp_services keep state pass out proto tcp to any port $tcp_outbound keep state pass in proto tcp to any port $tcp_inbound keep state # from https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ table <github> { 192.30.252.0/22, 2620:112:3000::/44 } pass out proto tcp to <github> port { ssh } keep state pass proto icmp from any to any
如何在允许IPv4的相同服务上允许IPv6stream量? 我添加了每个规则的明确的inet6版本,似乎没有帮助。 如果我禁用pf那么IPv6通信就可以通过。
通过启用日志,我设法解决这是因为ICMP6路由器请求被阻止。 添加
pass proto ipv6-icmp from any to any
到文件的末尾解决了这个问题。