Fixing pf not allowing IPv6 traffic on FreeBSD
Context
As I hinted recently, I have configured pf across all my FreeBSD servers.
Yesterday, I was out of home and wanted to send someone a link to an article of this blog, so I fired up Firefox on my mobile phone, and to my surprise I could not reach www.ncartron.org.
I checked on my laptop by tethering through my phone, and it worked.
I checked my Apache configuration, as well as whether any Let's Encrypt certificate renewal was due, but nope, all good on that front as well.
The Answer
Then it hit me: surely I must have been connecting through IPv6, and I didn't test that part thoroughly.
And indeed, when I tried telnetting to my webserver over IPv6, it would fail.
All I had to do was add the below to my pf.conf:
pass proto icmp
pass proto ipv6-icmp
and then reload pf with a
pfctl -f <pf.conf>
And boom, it worked straight away!
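IPv6 depends on ICMPv6 for neighbor discovery (its replacement for ARP) and for path MTU discovery, which is why a ruleset that drops it breaks IPv6 connectivity; the two rules above fix that by passing every ICMP and ICMPv6 type in both directions. A narrower variant follows as an added example that is not from the original post: the macro names are hypothetical, and the choice of types and the default-deny ruleset are assumptions to adapt.

```conf
# Added example, not from the original post. Macro names are hypothetical.
# Assumes a default-deny ruleset ("block all" or similar) earlier in pf.conf.

# Neighbor discovery: IPv6's replacement for ARP. Without these the host
# cannot resolve its neighbors or its gateway, so no IPv6 traffic flows.
icmp6_nd = "{ neighbrsol, neighbradv }"

# Router discovery: only needed when the host takes its address or default
# route from router advertisements (SLAAC). Drop this rule on a host with
# a fully static IPv6 configuration.
icmp6_rd = "{ routersol, routeradv }"

# Error messages. toobig carries path MTU discovery, which IPv6 relies on
# because routers never fragment packets in transit.
icmp6_err = "{ unreach, toobig, timex, paramprob }"

pass inet6 proto ipv6-icmp icmp6-type $icmp6_nd
pass inet6 proto ipv6-icmp icmp6-type $icmp6_rd
pass inet6 proto ipv6-icmp icmp6-type $icmp6_err
pass inet6 proto ipv6-icmp icmp6-type echoreq    # allow ping6

# IPv4 counterpart: ping plus destination-unreachable, which carries
# the "fragmentation needed" messages used for path MTU discovery.
pass inet proto icmp icmp-type { echoreq, unreach }
```

Parse the file with pfctl -nf <pf.conf> before loading it with pfctl -f <pf.conf>, then confirm the service answers over both address families from an outside host.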