- Introduction to FreeBSD Security Best Practices
- Working with Package Management in FreeBSD
- Understanding FreeBSD Security Advisories and Updates
- Troubleshooting Common System Administration Issues in FreeBSD
- Tips for Hardening FreeBSD to achieve System Protection
- Setting Up DHCP Server in FreeBSD
- Secure User and Group Management in FreeBSD Systems
- Secure Remote Access with SSH in FreeBSD
- Optimizing System Performance in FreeBSD
- Network Packet Capture with tcpdump in FreeBSD
- All posts ...
Do you have GDPR compliance issues ?
Check out Legiscope a GDPR compliance software, that will save you weeks of work, automating your documentation, the training of your teams and all processes you need to keep your organisation compliant with privacy regulations
IPv6 Configuration in FreeBSD
Jul 19, 2023 • FreeBSDSoftware
Understanding and working with FreeBSD’s network configuration is undoubtedly an integral part of system administration. A big part of these configuration settings is about managing the IPv6 settings on FreeBSD based systems.
To get started, you’ll need to have a functioning installation of FreeBSD and network interface configured for IPv6. If you are new to FreeBSD, you might want to check out our intro guide to networking in FreeBSD before proceeding.
IPv6 Address Configuration
The first factor to consider is if your system already has an IP address. You can check this with FreeBSD’s ifconfig command:
Look for lines that begin with “inet6.” The address following this label is your system’s IPv6 address. If it hasn’t been manually configured yet, FreeBSD chooses a link-local address by default. Your network should also be providing an IPv6 address via auto-configuration.
If your network doesn’t provide this or you wish to set up a static IP address, add the following to /etc/rc.conf:
ifconfig_<interface name>="inet6 <IPv6 address> prefixlen <prefix length>"
<IPv6 address>, and
<prefix length> with your actual values.
Enabling IPv6 Forwarding
The second step is to enable IPv6 forwarding on FreeBSD, which can be done by adjusting settings in the kernel. To understand this process, you may want to check our article about kernel tuning for FreeBSD optimization. To enable this, update /etc/sysctl.conf with:
Then, use command sysctl to apply the setting:
$ sysctl net.inet6.ip6.forwarding=1
This will let the kernel forwards packets not addressing it.
Configure IPv6 Privacy Extensions
Privacy extensions for Stateless Address Autoconfiguration in IPv6 is a mechanism for hosts to automatically generate randomised IPv6 addresses with an additional privacy benefit. To enable the IPv6 privacy extensions, add the following to /etc/sysctl.conf:
Remember to use sysctl command to apply these changes.
IPv6 with PF (Packet Filter)
One of FreeBSD’s greatest strengths is its robust firewall options. Implementing Firewalls Security in FreeBSD will ensure the security of your network. PF, the built-in firewall on FreeBSD, supports IPv6. Open /etc/pf.conf and configure according to your network needs. Don’t forget to reload PF:
# /etc/rc.d/pf reload
If you’re unsure or insecure about working on your firewall settings, FreeBSD has a great port available for network security scanning as nmap.
By following these steps, your FreeBSD machine should be appropriately configured for IPv6. Experiment with the settings that work best for your network and business needs. Don’t be afraid to consult the FreeBSD man pages as you continue to explore FreeBSD as they are a great resource.
Remember that before making major configuration changes, backing up your FreeBSD system is always good practice.