Hi guys,
I recently implemented an IPv6 stack on my AWS EC2 machine.
After a long time, dual stack is working...
But only with PF disabled.
With just a "pass all" rule, everything from Layer 3 and Layer 4 works (IPv4, IPv6, TCP ports, ICMP, ICMP6).
But with these simple general rules (for testing purposes), no external clients can access my webserver using IPv6, only IPv4:
Code:
tcp_services_in="{ 22, 80 }"
block all
pass out all keep state
pass in proto icmp
pass in proto icmp6
pass in proto tcp to port $tcp_services_in flags S/SA keep state
So, the question is, "proto tcp" includes all IPv4 and IPv6, right? Or is there an implicit "IPv4 default stack"?
I tried "pass in inet6 proto...", but it didn't work as I expected.
But without PF (or with just a "pass all" rule), everything works (ICMP and TCP ports) over IPv6.
This is the first time I have worked with an IPv6 stack.
Thanks all