Re: IPFilter and IPv6

Darren Reed wrote:
> For those that use IPFilter with IPv6, does the current
> configuration cause any problems for you?

No major ones in ipfilter, but some in ipnat.

> Do you edit ipf.conf and forget to edit ipf6.conf or vice verssa?
>
> Are there interaction issues or reporting problems needing to
> remember -6?

Nope. That's fine with me.

> If there was just a single configuration file, ipf.conf, that
> contained all IP (IPv4/6) firewall rules, would this make like
> easier or harder?

Maybe harder, but not much. It's just a fuzzier separation
that way. I could deal either way, but I like the separation
that two config files allows.

> If you were forced to manually transition your current system
> layout with both ipf.conf and ipf6.conf, would this be a serious
> issue?

Nope. Could be done.

> One other question, if NAT were to support IPv6 also, would you
> expect a ipnat6.conf or for it to all fit in ipnat.conf?

I would expect and want it to mirror the other. So, right
now, I'd want an ipnat6.conf. But, I think having just one
makes sense too. I just think consistency is most valueable.

So, other than the aforementioned problem I'm having with
ipnat messing with ports on IPv6 packets, I'm good. And
that's a NetBSD 2.x problem, I think, so.

- Chris