Bug 254896

Summary: ipfw do not matches "proto ipv6" but "proto ip6" works
Product: Base System Reporter: Radim Kolar <hsn>
Component: kernAssignee: freebsd-ipfw (Nobody) <ipfw>
Status: Closed Not A Bug    
Severity: Affects Only Me CC: ae, rb
Priority: ---    
Version: 12.1-RELEASE   
Hardware: Any   
OS: Any   

Description Radim Kolar 2021-04-08 21:57:26 UTC 
fwd 2001:470:6e:525::1 proto ip6 src-ip6 2001:470:6f:525::/64

if you change in this rule "ip6" -> "ipv6" which should be according to man page possible no packets are matched and no error is reported.
Comment 1 Bob Bishop 2021-04-09 11:52:55 UTC 
According to the man page: "The ipv6 in proto option will be treated as inner protocol." ie ip6 denotes outer protocol. This is only relevant where there is tunnelling. and it's debatable how this should be treated  where there is no tunnelling.
Comment 2 Andrey V. Elsukov freebsd_committer freebsd_triage 2021-04-12 10:50:10 UTC 
(In reply to Bob Bishop from comment #1)

Indeed, `ip6` is the reserved keyword, matches all upper level protocols that are used within IPv6. `proto ipv6` is protocol 41, means IPv6 datagram encapsulated inside.