On 11/04/2010 07:53 AM, Jan Engelhardt wrote:
On Thursday 2010-11-04 12:36, H. Peter Anvin wrote:
Guess what... other services like DNS needs to deal with this too, and
so far has not; this is part of what needs to happen before nontrivial
scale IPv6 deployment happens...
Despite what the RFCs say, IPv6 has big enough an address space that
static addresses (prefixes) are much more likely to be handed out.
Uhm... no. The reason we'll see dynamic prefixes isn't because of lack
of address space but because of mandatory route aggregation (which *is*
being implemented from the start) -- to keep BGP6 and the core routing
tables from melting down.
Nevertheless, did you consider
ip6tables -A FORWARD -d 0:0:0:1000::/0:0:0:ffff::
to ignore the changing prefix part.
I did, but it means reducing the level of protection given; I'd consider
it an emergency hack.
-hpa
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
