On 07-08-14 at 23:14, Jeff Haran wrote:
>> -----Original Message-----
>> From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Jean-Louis Dupond
>> Sent: Thursday, August 07, 2014 1:51 PM
>> To: netfilter@xxxxxxxxxxxxxxx
>> Subject: Match EUI64 in IPv6 Address
>>
>> Hi,
>>
>> I'm in the following situation.
>> My ISP gives me native IPv6 connectivity, a /56 range.
>>
>> The only thing is, the prefix is dynamic, it changes every 96 hours.
>>
>> Now my router announces this range to my clients, and everything works fine.
>> But then comes the issue.
>>
>> I firewall my LAN on my router, so there is no need for a firewall on all
>> the clients.
>> But as the prefix is dynamic, I can't just fix this in a clean way.
>>
>> Every time the prefix changes, I need to adjust my ip6tables rules.
>>
>> So my question: Is there a way to make an ip6tables rule that only
>> matches the last 64 bits (the EUI64)?
>> This would solve the issue that I've got.
>>
>> Thanks
>> Jean-Louis
> The ip6tables man page states that one can follow the IPv6 address in a -s or -d match with a mask.
>
> So presumably something like this should work:
>
> ip6tables ... -s ::<EUI64>/::ffff:ffff:ffff:ffff ...
>
> Though I admit, I've never tried this myself.
>
> Jeff Haran
>

Thanks a lot!
This seems to work fine indeed.

Thx
Jean-Louis
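Added example, not part of the original thread: a Python sketch of the masked comparison the suggested rule relies on, showing that the same host still matches after the delegated prefix changes. It assumes the host's address is built from its MAC as a modified EUI-64 interface identifier; the function names, the sample MAC and the 2001:db8:: addresses are constructed for illustration.

```python
import ipaddress

# Address/mask semantics: a packet address matches when
# (address & mask) == (rule_address & mask). With this mask only the
# low 64 bits (the interface identifier) are compared.
IID_MASK = int(ipaddress.IPv6Address("::ffff:ffff:ffff:ffff"))


def eui64_iid(mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 interface identifier for a 48-bit MAC, as ::<iid>."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Flip the universal/local bit and insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(int.from_bytes(iid, "big"))


def rule_match(mac: str) -> str:
    """The address/mask argument for -s or -d, independent of the prefix."""
    return f"{eui64_iid(mac)}/::ffff:ffff:ffff:ffff"


def matches(packet_addr: str, mac: str) -> bool:
    """Apply the masked comparison to one packet address."""
    addr = int(ipaddress.IPv6Address(packet_addr))
    return (addr & IID_MASK) == (int(eui64_iid(mac)) & IID_MASK)


if __name__ == "__main__":
    mac = "52:54:00:12:34:56"  # constructed sample MAC
    print(rule_match(mac))
    # Same host under two different delegated prefixes, then another host.
    for addr in ("2001:db8:aa00:1:5054:ff:fe12:3456",
                 "2001:db8:bb00:1:5054:ff:fe12:3456",
                 "2001:db8:bb00:1:5054:ff:fe12:3457"):
        print(addr, matches(addr, mac))
```

A host that uses privacy extensions or another non-EUI-64 interface identifier will not match such a rule, so check the address each client actually configures. The mask also ignores the prefix entirely, so pair the match with an interface or direction constraint where the prefix would otherwise have limited it.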