On Wednesday 2010-11-03 10:29, Pascal Hambourg wrote: >Hello, > >David Miller a Ãcrit : >> H. Peter Anvin just mentioned something interesting to me, >> basically it's the fact that when your prefix addresses >> change on an interface in ipv6, this can invalidate your >> netfilter rules. >> >> So it would be nice if there were some way to match "the >> ipv6 prefix address on interface X", "The prefix addr no.5 on X" <=> -i X -d 2001:db8::/64 Or... `-A INPUT -i X`: by using INPUT, you know that the packet was going to a local destination, which means the pkt had a daddr that is configured on that interface (or you have tproxy). >> Thoughts? > >What would be a use case ? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
