On Friday 2015-05-01 04:56, Linus Lüssing wrote:
>
>According to RFC4890 ("Recommendations for Filtering ICMPv6
>Messages in Firewalls"), page 35, a rule like this should match
>MLD packets:
>
>$ ip6tables -A icmpv6-filter -p icmpv6 --icmpv6-type {130,131,132,143} ...
>
>However, this does not seem to work for me. My guess is that it
>does not match because --protocol is not 'icmpv6' but actually
>the hop-by-hop-option first.
>Also, is there a way to somehow match IPv6 protocols with IPv6
>options in between?
-p matches the first non-extension header. For the
exthdrs, there is e.g. -m hbh.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
