RE: Match EUI64 in IPv6 Address


 



> -----Original Message-----
> From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Jean-Louis Dupond
> Sent: Thursday, August 07, 2014 1:51 PM
> To: netfilter@xxxxxxxxxxxxxxx
> Subject: Match EUI64 in IPv6 Address
> 
> Hi,
> 
> I'm in the following situation.
> My ISP gives me native IPv6 connectivity, a /56 range.
> 
> The only thing is, the prefix is dynamic, it changes every 96 hours.
> 
> Now my router announces this range to my clients, and everything works fine.
> But then comes the issue.
> 
> I firewall my LAN on my router, so there is no need for a firewall on all
> the clients.
> But as the prefix is dynamic, I can't just fix this in a clean way.
> 
> Every time the prefix changes, I need to adjust my ip6tables rules.
> 
> So my question: Is there a way to make an ip6tables rule that only
> matches the last 64 bits (the EUI64)?
> This would solve the issue that I've got.
> 
> Thanks
> Jean-Louis

The ip6tables man page states that one can follow the IPv6 address in a -s or -d match with a mask.

So presumably something like this should work:

ip6tables ... -s ::<EUI64>/::ffff:ffff:ffff:ffff ...

Though I admit, I've never tried this myself.

Jeff Haran
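
The masked comparison suggested in the reply, worked through as an added example (not part of the original thread): it derives the modified EUI-64 interface identifier from a MAC address and applies the (address & mask) == (rule & mask) test to addresses under different prefixes. The MAC, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Mask from the reply: ignore the upper 64 bits (the changing prefix) and
# compare only the lower 64 bits (the interface identifier).
IID_MASK = int(ipaddress.IPv6Address("::ffff:ffff:ffff:ffff"))


def eui64_iid(mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 interface ID for a 48-bit MAC (RFC 4291, Appendix A)."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC such as 52:54:00:12:34:56")
    octets[0] ^= 0x02                        # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(int.from_bytes(iid, "big"))


def masked_match(addr: str, rule_addr: ipaddress.IPv6Address,
                 mask: int = IID_MASK) -> bool:
    """Address/mask test: only bits set in the mask take part in the compare."""
    return (int(ipaddress.IPv6Address(addr)) & mask) == (int(rule_addr) & mask)


def rule_source(mac: str) -> str:
    """Address/mask argument in the form shown in the reply."""
    return f"{eui64_iid(mac)}/::ffff:ffff:ffff:ffff"


if __name__ == "__main__":
    mac = "52:54:00:12:34:56"                # constructed sample MAC
    iid = eui64_iid(mac)
    print("ip6tables ... -s", rule_source(mac), "...")
    samples = [                              # constructed sample addresses
        "2001:db8:aa00:1:5054:ff:fe12:3456",    # host under the old prefix
        "2001:db8:bb00:1:5054:ff:fe12:3456",    # same host after a prefix change
        "2001:db8:bb00:1:d4c1:9e2f:7a03:1b55",  # temporary (privacy) address
        "fe80::5054:ff:fe12:3456",              # link-local, same suffix
    ]
    for addr in samples:
        print(f"{addr:40} match={masked_match(addr, iid)}")
```

The link-local result shows that the mask ignores the prefix entirely, so a rule like this is normally paired with an interface match (-i / -o). Hosts that use temporary (privacy) addresses do not carry the EUI-64 suffix and will not match.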





