Hi, Dominic.
Now, I understand what you said.
// I imagined PlatForm or Protocol Familly about PF. :-)
In pure FreeBSD 7.0-RELEASE case on my environment,
everything from 38 through 41 is passed with no packet filter configuration
as I attached.
Actually, I don't have enough knowledge about Packet Filter,
but it might be PF configuration problem or PF itself problem.
Or, did you change something about network configuration using sysctl for example?
Thanks,
On Tue, 11 Nov 2008 04:19:04 -0800 (PST)
dominic villamero <dvillamero_777@yahoo.com> wrote:
> Sorry for the confusion, PF is Packet Filter or in common term, FIREWALL.
> PF I believe started in OpenBSD but has also been used in any other
> operating system like FreeBSD.
>
> As in my case, I'm using PF as my Firewall in NUT which runs on FreeBSD 7.
> Unfortunately, I experienced some problems with it. :(
>
> As what I've mentioned in my previous post, I got 4 FAILED results in
> Section 1 when I enabled PF(firewall), even if setting a "pass all" rule.:(
>
> We soon found out that by default PF blocks packets with IP option set. So,
> to eliminate this problem we added an "allow-opts" rule which allow packets with IP option set.
>
> Example:
> "pass all allow-opts"
>
> Unfortunately, it only solved 1 problem and that's segment 38 in Section 1.
> Segments 39, 40, and 41 remain unsolved. :(
>
> Does anyone here knows anything about this issue? Or atleast have encountered this problem?
>
> Is this a PF bug? Or probably I just missed something out?
>
> Thanks...
>
> dominic
>
>
> --- On Tue, 11/11/08, Yukiyo Akisada <akisada@tahi.org> wrote:
>
> > From: Yukiyo Akisada <akisada@tahi.org>
> > Subject: [users:00986] Re: PF problem? PF incompatibility?
> > To: dvillamero_777@yahoo.com
> > Cc: users@tahi.org
> > Date: Tuesday, November 11, 2008, 6:22 PM
> > Hi, Dominic.
> >
> > What is "PF" in your word?
> > And what is what is "allow-opts" option?
> >
> > I have never heard them.
> >
> > Please let me be clear.
> >
> >
> > On Tue, 11 Nov 2008 02:12:47 -0800 (PST)
> > dominic villamero <dvillamero_777@yahoo.com> wrote:
> >
> > > Oh my :(, segment 39, 40, and 41 under Section 1: RFC
> > 2460 - IPv6 Specification still FAILED. Even setting the
> > "allow-opts" option, if anyone knows something
> > regarding this concern please enlighten us ^_^.
> > >
> > > With "allow-opt" rule, only segment 38
> > succeeded...
> > >
> > > Hmm...do you think PF is the problem? please
> > help..thanks
> > >
> > >
> > > =- dominic
> > >
> > >
> > > --- On Fri, 11/7/08, dominic villamero
> > <dvillamero_777@yahoo.com> wrote:
> > >
> > > > From: dominic villamero
> > <dvillamero_777@yahoo.com>
> > > > Subject: Re: [users:00980] PF problem? PF
> > incompatibility?
> > > > To: dvillamero_777@yahoo.com
> > > > Cc: users@tahi.org
> > > > Date: Friday, November 7, 2008, 2:10 PM
> > > > My work mate already solved the problem. Just
> > added the
> > > > option "allow-opts"
> > > >
> > > > example: pass all allow-opts
> > > >
> > > > Anyways, thanks
> > > >
> > > >
> > > >
> > > > --- On Fri, 11/7/08, dominic villamero
> > > > <dvillamero_777@yahoo.com> wrote:
> > > >
> > > > > From: dominic villamero
> > > > <dvillamero_777@yahoo.com>
> > > > > Subject: [users:00980] PF problem? PF
> > incompatibility?
> > > > > To: users@tahi.org
> > > > > Date: Friday, November 7, 2008, 4:00 AM
> > > > > Hello All, Good day!
> > > > >
> > > > >
> > > > >
> > > > > I tried to run the latest version of
> > Self_Test
> > > > > script on FreeBSD 7-Release against my
> > > > > NUT which was also running on FreeBSD 7. As
> > expected,
> > > > the
> > > > > test ran perfectly fine and
> > > > > resulted a 100% passing rate.
> > > > >
> > > > > To go further with my test I enabled PF
> > in NUT and
> > > > > configured it to "pass all"
> > entering and
> > > > exiting
> > > > > traffic regardless whether if its ipv6 or
> > ipv4.
> > > > > Unfortunately, there were 4 FAILURES all
> > under
> > > > "Section
> > > > > 1: RFC 2460 - Ipv6 Specification"
> > specifically
> > > > segments
> > > > >
> > > > > "Test v6LC.1.2.9: Unrecognized Routing
> > Type - End
> > > > > Node" and "Test v6LC.1.2.10:
> > Unrecognized
> > > > Routing
> > > > > Type - Intermediate Node" numbers 38,
> > 39, 40 and
> > > > 41.
> > > > >
> > > > > Test v6LC.1.2.9: Unrecognized Routing Type -
> > End Node
> > > > > 38: Part A: Unrecognized Routing Type 33
> >
> > > > > FAIL
> > > > > 39: Part B: Unrecognized Routing Type 0
> >
> > > > > FAIL
> > > > >
> > > > > Test v6LC.1.2.10: Unrecognized Routing Type
> > -
> > > > Intermediate
> > > > > Node
> > > > > 40: Part A: Unrecognized Routing Type 33
> >
> > > > > FAIL
> > > > > 41: Part B: Unrecognized Routing Type 0
> >
> > > > > FAIL
> > > > >
> > > > > So my questions:
> > > > > Is there a known issue regarding
> > this?
> > > > > Or am I missing something out? :(
> > > > > If PF is the problem is there a
> > workaround?
> > > > >
> > > > > I'm just new here, please pardon me if
> > those
> > > > questions
> > > > > had already been asked and
> > > > > answered before...Again I'm so
> > sorry...and thank
> > > > you
> > > > >
> > > > > Test info:
> > > > >
> > > > > TN - FreeBSD 7
> > > > > NUT - FreeBSD 7
> > > > > Test - phase 2
> > > > > Type - Host
> > > > >
> > > > >
> > > > >
> > > > > Dominic
> > >
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Yukiyo Akisada <akisada@tahi.org>
>
>
>
>
>
--
Yukiyo Akisada <akisada@tahi.org>
989_2.gz