I've added the following rule to my pf.conf:
Code:
pass in quick on em0 from em0:network to em0
em0 is the connection to my home network. The purpose of this rule is to allow any traffic originating from my LAN IP ranges into this FreeBSD host.
For the most part it works. The following rules result from this:
Code:
pass in quick on em0 inet from 192.168.1.0/24 to 192.168.1.1 flags S/SA keep state
pass in quick on em0 inet6 from 2001:470:1f09:84e::/64 to fe80::21b:21ff:fe6a:b9a6 flags S/SA keep state
pass in quick on em0 inet6 from 2001:470:1f09:84e::/64 to 2001:470:1f09:84e:: flags S/SA keep state
However, something is missing: a rule allowing traffic from the IPv6 link-local range to the link-local address on em0, e.g.
Code:
pass in quick on em0 inet6 from fe80::/64 to fe80::21b:21ff:fe6a:b9a6 flags S/SA keep state
This is resulting in router and dhcp6 solicitations from other hosts being rejected, as they use a link-local address as their source.
I can obviously manually add the rule, but why isn't it being added along with those above?
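An added example, not part of the original post: a short Python check that models only the interface and address fields of the expanded rules quoted above and tests sample packets against them, showing that a link-local source matches none of the loaded rules and that the hand-written rule closes the gap. The sample source addresses and the helper names are constructed for illustration; flags and state handling are not modelled.

```python
import ipaddress
import re

# Expanded rules exactly as quoted in the post.
LOADED = """\
pass in quick on em0 inet from 192.168.1.0/24 to 192.168.1.1 flags S/SA keep state
pass in quick on em0 inet6 from 2001:470:1f09:84e::/64 to fe80::21b:21ff:fe6a:b9a6 flags S/SA keep state
pass in quick on em0 inet6 from 2001:470:1f09:84e::/64 to 2001:470:1f09:84e:: flags S/SA keep state
"""
# The rule the poster proposes adding by hand.
MANUAL = "pass in quick on em0 inet6 from fe80::/64 to fe80::21b:21ff:fe6a:b9a6 flags S/SA keep state\n"

RULE_RE = re.compile(r"^pass in quick on (\S+) inet6? from (\S+) to (\S+)")

def parse_rules(text):
    """Return (interface, source network, destination network) per rule line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            iface, src, dst = m.groups()
            rules.append((iface,
                          ipaddress.ip_network(src, strict=False),
                          ipaddress.ip_network(dst, strict=False)))
    return rules

def first_match(rules, iface, src, dst):
    """Index of the first rule covering the packet, or None if none does.
    Simplified model: only interface and addresses are compared."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (r_if, r_src, r_dst) in enumerate(rules):
        if r_if == iface and src in r_src and dst in r_dst:
            return i
    return None

# Constructed sample packets arriving on em0: (source, destination).
HOST_LL = "fe80::21b:21ff:fe6a:b9a6"
SAMPLES = [
    ("192.168.1.50", "192.168.1.1"),
    ("2001:470:1f09:84e::50", HOST_LL),
    ("fe80::1234", HOST_LL),   # link-local source, as in the post's failure
]

def report(rule_text):
    rules = parse_rules(rule_text)
    return [first_match(rules, "em0", s, d) for s, d in SAMPLES]

if __name__ == "__main__":
    print("loaded rules only :", report(LOADED))
    print("with manual rule  :", report(LOADED + MANUAL))
```

The same comparison can be run against the rules actually loaded on the host by pasting its expanded ruleset into `LOADED`.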