On 11/07/2012 03:22 AM, Guido Winkelmann wrote: > Hi, > > Libvirt's nwfilter ships a number of useful filter scripts by default, but > none to handle IPv6 traffic. Is there a particular reason for that, or is that > just because nobody has got around to that yet? Hi Guido! I just saw this message you sent to the list a couple weeks ago. Stefan Berger can confirm, but I believe the answer is the latter - nobody has gotten around to it. I'm sure patches would be greatly appreciated :-) > > One interesting thing about dealing with IPv6 traffic is that hosts often have > several auto-configured addresses, usually at least one auto-configured link- > local address under fe80::/64 and one auto-configured one from router- > advertisements. For writing filter rules, it would be nice to have some > function/notation to calculate those auto-configured addresses for the user, > so we can write something like this: > > <rule action='return' direction='out' priority='500'> > <ipv6 srcipaddr='ipv6_autoconf($IPV6_PREFIX[@1], $IPV6_MASK[@1], $MAC)'/> > </rule> > <rule action='return' direction='out' priority='500'> > <ipv6 srcipaddr='$IPV6'/> > </rule> > <rule action='drop' direction='out' priority='1000'/> > > or maybe more like this: > > <ipv6 mode='autoconf' field='srcipaddr' prefix='$IPV6_PREFIX[@1]' > netmask='$IPV6_MASK[@1]' mac='$MAC)'/> There is similar functionality for IPv4, and it would be nice to have IPv6 variables that parallel those for IPv4. Again - patches welcome! _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
