H. Peter Anvin a écrit : >>> >>> Now, the upstream (ISP-assigned) prefix changes to 2001:6b2f:1705::/48. >>> RA will handle reassigning addresses to actual downstream hosts, but >>> things that explicitly encode IPv6 addresses need to be changed, and >>> that includes ip6tables, in this case these rules now need to refer to >>> 2001:6b2f:1705:0000::/52, 2001:62bf:1705:1000::/52 and so on. >> >> Are you talking about rules on the router which subnets the block, or on >> downstream hosts ? >> Also, is each subnet prefix on a separate link ? >> Could you provide an example of such rules ? > > I'm talking about rules on the internal router(s) which separate the > security domains. Isn't it enough to match the input and/or output interface(s) ? > I can probably come up with a concrete ruleset, but > it'll take a few days since I'm travelling at the moment. I am not asking for a complete ruleset, rather a few sample rules and their purpose. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
