I'm running virtual hosts managed with libvirt. I'm using libvirt's ability to manage ebtables/iptables rules to share a single subnet on a bridge between multiple virtual hosts (the auto-created rules prevent ARP, MAC, and IP spoofing). Now I'm looking at IPv6 support, and I don't see a similar way to filter neighbor discovery. I can block router advertisements (ICMPv6 type 134), but I don't know how to filter neigbor advertisements to only allow the assigned MAC/IP. Is there a way to do this with ebtables/ip6tables? -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
