This section describes how to configure temporary addresses, filtering, IPsec and SSH on various implementations.
FreeBSD supports temporary addresses, filtering through various tools, IPsec and SSH.
To enable temporary addresses, set the sysctl variable net.inet6.ip6.use_tempaddr to 1.
# sysctl net.inet6.ip6.use_tempaddr=1
Various filtering/firewall packages are available on FreeBSD, such as ipfw and ipfilter. IPfilter is discussed here.
IPfilter [IPFILTER] has supported IPv6 since version 3.4. The most noticeable impact is that wherever an address is expected in the config file, it can be either IPv4 or IPv6. The example below blocks any traffic coming from an address in 2002::/16.
# more /etc/ipf.rules
block in on fxp0 from 2002::/16 to any
As of IPfilter 4.0beta, it also supports the keywords shown in Table 13.5.
IPsec is available for IPv4 and IPv6 in FreeBSD. The code is from the KAME stack. To enable IPsec, the kernel must be compiled with the IPSEC and IPSEC_ESP options, as shown below.
# more /usr/src/sys/i386/conf/MYKERNEL
options IPSEC
options IPSEC_ESP
The setkey command is used to manipulate the security association (SA) database and the security policy database (SPD) of IPsec in the kernel. The default configuration file read by setkey at boot time is /etc/ipsec.conf. To enable IPsec at boot time, set ipsec_enable to "YES" in the /etc/rc.conf file.
# more /etc/rc.conf
ipsec_enable="YES"
...
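One way to check the IPsec prerequisites described above before rebooting, as an added example that is not from the original text. The function names are hypothetical, the sample files are constructed, and the accepted spellings of YES follow rc.subr's checkyesno.

```shell
#!/bin/sh
# Added example: audit the IPsec boot prerequisites described in this section.

# True only for an uncommented "options NAME" line. The name is matched whole,
# so "options IPSEC_ESP" does not satisfy a check for "IPSEC".
has_kernel_option() {  # FILE NAME
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|#|\$)" "$1"
}

# Effective value of KEY: rc.conf is sourced as shell, so the last uncommented
# assignment wins. Trailing comments and surrounding quotes are stripped.
rc_value() {  # FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Same spellings that rc.subr's checkyesno treats as enabled.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per check; exit status is the number of failed checks.
audit_ipsec() {  # KERNCONF RCCONF
    fails=0
    for opt in IPSEC IPSEC_ESP; do
        if has_kernel_option "$1" "$opt"; then echo "ok:   options $opt"
        else echo "FAIL: options $opt not set in $1"; fails=$((fails + 1)); fi
    done
    if is_yes "$(rc_value "$2" ipsec_enable)"; then echo "ok:   ipsec_enable"
    else echo "FAIL: ipsec_enable is not YES in $2"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample input: IPSEC is commented out and a later rc.conf line
# overrides the earlier YES, so two of the three checks fail.
tmp=$(mktemp -d)
printf '%s\n' '#options IPSEC' 'options IPSEC_ESP  # ESP support' > "$tmp/MYKERNEL"
printf '%s\n' 'ipsec_enable="YES"' '# local overrides' 'ipsec_enable="NO"' > "$tmp/rc.conf"
audit_ipsec "$tmp/MYKERNEL" "$tmp/rc.conf" || echo "failed checks: $?"
rm -rf "$tmp"
```

On a real host the call would be audit_ipsec /usr/src/sys/i386/conf/MYKERNEL /etc/rc.conf, using the paths shown in this section.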