On Fri, 13 Oct 2017, Walter H. wrote: > On 13.10.2017 16:05, Jozsef Kadlecsik wrote: > > On Fri, 13 Oct 2017, Walter H. wrote: > > > > > I have a virtual server at a hoster, where I have a full /64-prefix, so > > > I declared a few addeesses with special numbers ... > > > > > > e.g. pi = 3.141592653589 and the IPv6 address is > > > [prefix:3:1415:9265:3589] there is also a special number below 1, the > > > IPv6 [prefix:0:5772:1566:4901] > > > > > > now the bug: > > > > > > this works: > > > -A INPUT -i eth0 -d prefix::5772:1566:4901 -m tcp -p tcp --dport 25 -m > > > state --state NEW -j ACCEPT > > > > > > but this not: > > > -A INPUT -i eth0 -d prefix:0:5772:1566:4901 -m tcp -p tcp --dport 25 -m > > > state --state NEW -j ACCEPT > > An IPv6 address is represented as eight groups of four hexadecimal digits > > and '::' can be used to shorten just 0 fields. > I know ... > > The first command works if the prefix contains four or less number of > > groups. > yes, it is a /64 prefix > > The second command works only if the prefix contains exactly four number > > of groups. > better say, it should work, because it doesn't , even if the prefix contains > exactly four number of groups What does it exactly mean "doesn't work"? The command fails with an error message? The rule does not match? What it the kernel version? What is the version number of the iptables package? Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
