|
|
|
|
|
|
by somat
1247 days ago
|
|
|
Here are two rules for the openbsd packet filter. one for ip4/nat one for ip6/direct. they do the same thing. match out on em2 inet from ! em2 to any nat-to em2
block in on em2 inet6 from any to any
Not many people run a openbsd firewall but the point is that with a statefull firewall preventing people from opening an ip6 connection to internal machines is just as hard as allowing ip4 internal machines a connection out. |
|
|