Solved IPFW-IPV6 Syntax

[rphanikrishna]

Configuring DNS caching server able to get all traffic without the firewall and with firewall only the IPV4 traffic is resolving, having some syntax issue with the config regarding the IPV6 (using FreeBSD 12.1)

ipfw -q -f flush
cmd="ipfw -q add"
pif="em0"     # interface name of NIC
$cmd 00116 allow ipv6 from me6 to any 853 out proto tcp via $pif setup keep-state   #Forwarding DNS to Public DNS servers via TLS
$cmd 00251 allow icmp6 from any to any proto ipv6-icmp out via $pif keep-state   #to ping external IPV6 hosts
$cmd 00466 allow ipv6 from any to me6 53 in proto tcp via $pif setup keep-state    #Accepting the incoming DNS TCP requests
$cmd 00467 allow ipv6 from any to me6 53 in proto udp via $pif keep-state       #Accepting incoming DNS UDP requests

Configuring IPv6 for the first time let me know if there is any error or do you suggest me to change the syntax.

 

[rphanikrishna]

Have tried the below also

$cmd 00116 allow ip6 from me to any proto tcp dst-port 853 out via $pif setup keep-state
$cmd 00251 allow icmp6 from any to any proto ipv6-icmp out via $pif keep-state
$cmd 00466 allow ip6 from any to me proto tcp dst-port 53 in via $pif setup keep-state
$cmd 00467 allow ip6 from any to me proto udp dst-port 53 in via $pif keep-state

 

[rphanikrishna]

Got this fixed able to communicate with external DNS on ipv6 over 853 port and accept DNS packets from all clients from 53 port and the DNS server is resolving the packets but IPV6 ping is not working or it is broken, i feel there is some config problem in my BSD instance, let me know if anyone faced the same situation.