PF support for IPv6 Extension Headers

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

PF support for IPv6 Extension Headers

Fernando Gont-2

What's the level of support in PF wrt IPv6 Extension Headers?

pf.conf(5) talks about an implicit block rule for packets employing the
routing header, but I've not been able to find anything about e.g.,

* Filtering packets on a per-EH-type-occurrence (e.g. "block packets
that contain a Destination Options Header")

* Filtering packets base on the EH size

* Filtering packets based on the number of EHs they contain (e.g., drop
the packet if it employs more than 5 EHs)




Best regards,
Fernando Gont
e-mail: [hidden email] || [hidden email]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1