Incorrect xt_iprange boundary check for IPv6

Developed for and tested on 2.6.27.57, but applies and compiles
in current mainline as well (haven't tested it there though).

See the following script for a demonstration of the problem:

#!/bin/sh
# Addresses around the boundaries of the fc42:4242:1::/64 range under test:
# LEFTOUT and RIGHTOUT lie just outside it, FROM, MIDDLE and TILL inside.
PREFIX=fc42:4242
LEFTOUT=$PREFIX:0:ffff:ffff:ffff:ffff:ffff
FROM=$PREFIX:1::0
MIDDLE=$PREFIX:1::8000:0:0:0
TILL=$PREFIX:1::ffff:ffff:ffff:ffff
RIGHTOUT=$PREFIX:2::0
SUBNET=$PREFIX:1::/64
SOURCE=fc23:2323::1
CHAIN=iprange_bug

# Remove a jump left over from an earlier run, then recreate the chain.
ip6tables -S OUTPUT | fgrep -q -- '-A OUTPUT -j '"$CHAIN" \
	&& ip6tables -D OUTPUT -j $CHAIN

ip6tables -F $CHAIN 2>/dev/null
ip6tables -X $CHAIN 2>/dev/null
ip6tables -N $CHAIN

# Rule 1 has no target; its packet counter in the listing below shows which of
# the five pings the iprange match accepted. Rule 2 drops the echo requests
# addressed to the subnet itself.
ip6tables -A $CHAIN -p icmpv6 --icmpv6-type echo-request -s $SOURCE -m iprange --dst-range $FROM-$TILL
ip6tables -A $CHAIN -p icmpv6 --icmpv6-type echo-request -s $SOURCE -d $SUBNET -j DROP

ip6tables -I OUTPUT 1 -j $CHAIN

# Bind the test addresses to lo so the pings are delivered locally but still
# traverse the OUTPUT chain.
ip addr replace $SOURCE/128 dev lo
ip addr replace $LEFTOUT/128 dev lo
ip addr replace $FROM/128 dev lo
ip addr replace $MIDDLE/128 dev lo
ip addr replace $TILL/128 dev lo
ip addr replace $RIGHTOUT/128 dev lo

for IP in $LEFTOUT $FROM $MIDDLE $TILL $RIGHTOUT
do
	ping6 -c 1 -W 1 -q -I $SOURCE $IP | grep ^PING
done

echo
ip6tables -vnL $CHAIN

# Clean up: drop the addresses and the chain again.
ip addr del $RIGHTOUT/128 dev lo
ip addr del $TILL/128 dev lo
ip addr del $MIDDLE/128 dev lo
ip addr del $FROM/128 dev lo
ip addr del $LEFTOUT/128 dev lo
ip addr del $SOURCE/128 dev lo

ip6tables -D OUTPUT -j $CHAIN
ip6tables -F $CHAIN
ip6tables -X $CHAIN
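The boundary check the script exercises, as an added C illustration (not code from this post and not a quote of the kernel source): sub_cmp is an assumed model of a comparator that stores the unsigned per-word difference in a signed int, the failure class that the 8000:0:0:0 test address is shaped to trigger, and lt_cmp is the overflow-free form; the five addresses and the FROM-TILL range are the script's own.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
/* i-th 32-bit word of an IPv6 address, assembled from its bytes in host order. */
static uint32_t word(const struct in6_addr *a, int i)
{
	const unsigned char *p = a->s6_addr + 4 * i;
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Assumed model of the faulty check: the unsigned per-word difference is stored in a
 * signed int, so a gap of 2^31 or more wraps and flips sign (8000:0:0:0 vs ::0 does). */
static int sub_cmp(const struct in6_addr *a, const struct in6_addr *b)
{
	for (int i = 0; i < 4; i++) {
		int32_t r = (int32_t)(word(a, i) - word(b, i));
		if (r != 0)
			return r;
	}
	return 0;
}
/* Overflow-free form: order the words as unsigned values instead of subtracting. */
static int lt_cmp(const struct in6_addr *a, const struct in6_addr *b)
{
	for (int i = 0; i < 4; i++)
		if (word(a, i) != word(b, i))
			return word(a, i) < word(b, i) ? -1 : 1;
	return 0;
}
/* 1 if min <= addr <= max under cmp, 0 if not, -1 if an address does not parse. */
static int in_range(const char *addr, const char *min, const char *max,
		    int (*cmp)(const struct in6_addr *, const struct in6_addr *))
{
	struct in6_addr a, lo, hi;
	if (inet_pton(AF_INET6, addr, &a) != 1 || inet_pton(AF_INET6, min, &lo) != 1 ||
	    inet_pton(AF_INET6, max, &hi) != 1)
		return -1;
	return cmp(&a, &lo) >= 0 && cmp(&a, &hi) <= 0;
}
int in_range_buggy(const char *a, const char *lo, const char *hi) { return in_range(a, lo, hi, sub_cmp); }
int in_range_fixed(const char *a, const char *lo, const char *hi) { return in_range(a, lo, hi, lt_cmp); }
int main(void)
{	/* the five addresses the script pings, checked against its FROM-TILL range */
	const char *from = "fc42:4242:1::0", *till = "fc42:4242:1::ffff:ffff:ffff:ffff";
	const char *tests[] = { "fc42:4242:0:ffff:ffff:ffff:ffff:ffff", from,
				"fc42:4242:1::8000:0:0:0", till, "fc42:4242:2::0" };
	for (size_t i = 0; i < sizeof tests / sizeof *tests; i++)
		printf("%-36s buggy=%d fixed=%d\n", tests[i],
		       in_range_buggy(tests[i], from, till), in_range_fixed(tests[i], from, till));
	return 0;
}
```

Under the wrapping comparator none of the three in-range addresses is accepted, which matches what the script's rule-1 counter exposes; the unsigned ordering accepts exactly FROM, MIDDLE and TILL.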
