Hi,
According to RFC4890 ("Recommendations for Filtering ICMPv6
Messages in Firewalls"), page 35, a rule like this should match
MLD packets:
$ ip6tables -A icmpv6-filter -p icmpv6 --icmpv6-type {130,131,132,143} ...
However, this does not seem to work for me. My guess is that it
does not match because --protocol is not 'icmpv6' but actually
the hop-by-hop-option first. Is this a bug in the RFC (and if so,
should I report it on some IETF mailing list?)?
Also, is there a way to somehow match IPv6 protocols with IPv6
options in between?
Cheers, Linus
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
