Este é o meu atual pf.conf
no FreeBSD 11.1-RELEASE. Ele permite conexões de entrada do OpenVPN / UDP e SSH, bem como permite tudo nas redes privadas / vpn ( vtnet1
e tun0
respectivamente). O problema é que não consigo me conectar ao OpenVPN ou SSH via ipv6. Se eu observar os logs openvpn ou usar um -v
no SSH, vejo o tempo limite no endereço IPv6 e, em seguida, cai no IPv4.
block all
# allow all from host itself
pass out inet all keep state
pass out inet6 all keep state
# allow all from private
pass in quick on vtnet1 inet from any to any keep state
# openvpn
pass in quick proto udp to vtnet0 port openvpn keep state
pass in quick on tun0 inet from any to any keep state
# ssh
pass in quick proto tcp to vtnet0 port ssh flags S/SA keep state
Eu tentei alterar minha configuração para o seguinte para permitir o IPv6:
block all
# allow all from host itself
pass out inet all keep state
pass out inet6 all keep state
# allow all from private
pass in quick on vtnet1 inet from any to any keep state
# openvpn
pass in quick inet proto udp to vtnet0 port openvpn keep state
pass in quick inet6 proto udp to vtnet0 port openvpn keep state
pass in quick on tun0 inet from any to any keep state
# ssh
pass in quick inet proto tcp to vtnet0 port ssh flags S/SA keep state
pass in quick inet6 proto tcp to vtnet0 port ssh flags S/SA keep state
Mas ainda não consigo fazer conexões IPv6.
Tags networking firewall freebsd pf