On 12/04/2012 10:22 AM, Guido Winkelmann wrote: > Am Montag, 26. November 2012, 10:41:47 schrieb Laine Stump: >> On 11/07/2012 03:22 AM, Guido Winkelmann wrote: >>> One interesting thing about dealing with IPv6 traffic is that hosts often >>> have several auto-configured addresses, usually at least one >>> auto-configured link- local address under fe80::/64 and one >>> auto-configured one from router- advertisements. For writing filter >>> rules, it would be nice to have some function/notation to calculate those >>> auto-configured addresses for the user, so we can write something like >>> this: >>> >>> <rule action='return' direction='out' priority='500'> >>> >>> <ipv6 srcipaddr='ipv6_autoconf($IPV6_PREFIX[@1], $IPV6_MASK[@1], >>> $MAC)'/> >>> >>> </rule> >>> <rule action='return' direction='out' priority='500'> >>> >>> <ipv6 srcipaddr='$IPV6'/> >>> >>> </rule> >>> <rule action='drop' direction='out' priority='1000'/> >>> >>> or maybe more like this: >>> >>> <ipv6 mode='autoconf' field='srcipaddr' prefix='$IPV6_PREFIX[@1]' >>> netmask='$IPV6_MASK[@1]' mac='$MAC)'/> >> There is similar functionality for IPv4, and it would be nice to have >> IPv6 variables that parallel those for IPv4. Again - patches welcome! > I don't quite understand, what similar functionality are you talking about? > IPv4 does not have stateless autoconfiguration... > I mean just the idea of being able to specify the IP address as a variable in a rule, and have it be auto-discovered and filled in by nwfilter. _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
