# IPv6 in PF and IPFW



## macfreek (Feb 15, 2012)

Hi,

I recently configured a firewall using ipfw. While I was reasonably happy with the IPv4 and IPv6 integration, I did encounter 3 serious bugs in the IPv6 handling of ipfw (IPv6 fragment reassembly fails; IPv6 over loopback interface is incorrectly reported as if it would use another interface; outgoing ICMPv6 replies are matched as incoming traffic). Nothing that can be circumvented by some rules, but time-consuming nonetheless.

I was wondering if it would be worthwhile to move to PF (I read that PF and IPF are similar, but PF has more active development).

I currently have 100 IPFW rules. If you have a similarly sized PF setup (small-office size) and are actively using IPv6, could you comment on how many missing features (or bugs) you encountered with PF? Are all IPv4 features also present for IPv6 in PF?


----------

