IPv6 rules still present after disabling
I just got a default installation going (2.1 snapshot, 64 bit). I thought for the moment at least to simplify by eliminating all ipv6 traffic, so I went to System>Advanced, Networking tab, and unchecked "Allow IPv6".
Then I went to Firewall>Rules and found there was still a rule on LAN allowing IPv6, so the above had no effect on that apparently.
I then disabled that rule, and went to the command prompt and ran "pfctl -sa". I was not too surprised to see the default deny rules for IPv6, but there were still a lot of "pass out quick inet6" in the list of rules. So I am getting the impression IPv6 cannot be disabled after all - or am I making some mistake here?
The pass out rules for v6 will still be there for the link-local (which is impossible to disable), but they're overridden by the deny all IPv6 option, so that effectively gets rid of all v6.
Are you talking about the 'block drop in inet6 all label "Default Deny ipv6 rule" ', farther down in the rules? As I understand it, that cannot have any effect on the "quick" rules above, which are executed immediately. Perhaps I'm missing something, though.
No, that's the default deny. The block rule from System>Advanced is higher in the ruleset, and higher yet after a commit I just made.
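An added illustration, not part of the thread and not pfSense's own code: a simplified model of pf's evaluation order, where the last matching rule wins unless a matching rule is `quick`, which ends evaluation at once. The rule lines are constructed, and the `block quick inet6 all` line is an assumed form of the System>Advanced block rule; compare it against the real output of `pfctl -sr` on your own box.

```python
# Simplified model of pf rule evaluation. Only the action, direction,
# "quick" flag and address family are parsed; the rest of a rule is ignored.

def parse_rule(line):
    tokens = line.split()
    return {
        "action": tokens[0],  # "pass" or "block"
        "dir": next((t for t in tokens if t in ("in", "out")), None),
        "quick": "quick" in tokens,
        "af": next((t for t in tokens if t in ("inet", "inet6")), None),
        "text": line,
    }

def matches(rule, direction, af):
    # A rule without a direction or address family matches any.
    return rule["dir"] in (None, direction) and rule["af"] in (None, af)

def evaluate(ruleset, direction, af):
    """Return (action, deciding rule text) for one packet."""
    decision = ("pass", "implicit default")  # pf passes when nothing matches
    for rule in map(parse_rule, ruleset):
        if matches(rule, direction, af):
            decision = (rule["action"], rule["text"])
            if rule["quick"]:  # first matching quick rule stops evaluation
                break
    return decision

# Constructed ruleset, in the order the question describes it:
# quick pass-out rules above the non-quick default deny.
AS_READ = [
    "pass out quick inet6 all",
    'block drop in inet6 all label "Default Deny ipv6 rule"',
]

# Same ruleset with a block rule placed above everything else
# (assumed form of the rule added by unchecking "Allow IPv6").
WITH_BLOCK = ["block quick inet6 all"] + AS_READ

def ipv6_verdicts(ruleset):
    """Action taken for inbound and outbound IPv6 under a ruleset."""
    return {d: evaluate(ruleset, d, "inet6")[0] for d in ("in", "out")}

if __name__ == "__main__":
    print("as read:   ", ipv6_verdicts(AS_READ))
    print("with block:", ipv6_verdicts(WITH_BLOCK))
```

In this model the default deny never touches outbound IPv6, while a quick block placed higher decides both directions before the `pass out quick` line is reached.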