Firewall
All IPv6 traffic blocked by pf
The following pf.conf (FreeBSD 10.3) seems to be blocking all IPv6 traffic, and I don't know why.

    tcp_inbound = "{ ssh, domain, http, https }"
    tcp_outbound = "{ domain, http, https, imaps, smtps }"
    udp_services = "{ domain, ntp }"

    block all

    pass proto udp to any port $udp_services keep state
    pass out proto tcp to any port $tcp_outbound keep state
    pass in proto tcp to any port $tcp_inbound keep state

    # from https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
    table <github> { 192.30.252.0/22, 2620:112:3000::/44 }
    pass out proto tcp to <github> port { ssh } keep state

    pass proto icmp from any to any
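How can I allow IPv6 traffic on the same services that are allowed for IPv4? I added explicit inet6 versions of each rule, but that didn't seem to help. If I disable pf, IPv6 traffic passes through fine.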
By enabling logging, I found that this was because ICMP6 router solicitations were being blocked. Adding

    pass proto ipv6-icmp from any to any

to the end of the file fixed the problem.
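
A narrower form of the fix in the answer above, as an added example that is not part of the original post: it logs what the default block rule drops and passes only selected ICMPv6 types instead of all of them. The macro names and the choice of types (neighbor discovery, the error messages RFC 4890 recommends not dropping, and echo) are assumptions to adapt to local policy.

```conf
# Added example, not the poster's ruleset. Assumption: the host needs
# neighbor discovery, ICMPv6 error messages and ping; trim to local policy.

icmp6_nd    = "{ routersol, routeradv, neighbrsol, neighbradv }"
icmp6_error = "{ unreach, toobig, timex, paramprob }"
icmp6_ping  = "{ echoreq, echorep }"

# Log what the default rule drops, so the blocked packets can be read with:
#   tcpdump -n -e -ttt -i pflog0 ip6
# (pflog must be running, e.g. pflog_enable="YES" in /etc/rc.conf)
block log all

# "proto icmp" is IP protocol 1 and only ever matches IPv4 ICMP.
pass inet proto icmp from any to any

# Broad form used in the answer: every ICMPv6 type, both directions.
# pass proto ipv6-icmp from any to any

# Narrower form: only the listed ICMPv6 types.
pass inet6 proto ipv6-icmp all icmp6-type $icmp6_nd
pass inet6 proto ipv6-icmp all icmp6-type $icmp6_error
pass inet6 proto ipv6-icmp all icmp6-type $icmp6_ping
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading the ruleset with `pfctl -f /etc/pf.conf`.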