NWFilter and IPv6

Hi,

Libvirt's nwfilter ships a number of useful filter scripts by default, but 
none to handle IPv6 traffic. Is there a particular reason for that, or is that 
just because nobody has got around to that yet?

One interesting thing about dealing with IPv6 traffic is that hosts often have 
several auto-configured addresses, usually at least one auto-configured link-
local address under fe80::/64 and one auto-configured one from router-
advertisements. For writing filter rules, it would be nice to have some 
function/notation to calculate those auto-configured addresses for the user, 
so we can write something like this:

<rule action='return' direction='out' priority='500'>
  <ipv6 srcipaddr='ipv6_autoconf($IPV6_PREFIX[@1], $IPV6_MASK[@1], $MAC)'/>
</rule>
<rule action='return' direction='out' priority='500'>
  <ipv6 srcipaddr='$IPV6'/>
</rule>
<rule action='drop' direction='out' priority='1000'/>

or maybe more like this:

<ipv6 mode='autoconf' field='srcipaddr' prefix='$IPV6_PREFIX[@1]' 
netmask='$IPV6_MASK[@1]' mac='$MAC'/>

	Guido

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users

