On 13.10.2017 22:05, Jozsef Kadlecsik wrote:
On Fri, 13 Oct 2017, Walter H. wrote:On 13.10.2017 16:05, Jozsef Kadlecsik wrote:On Fri, 13 Oct 2017, Walter H. wrote:I have a virtual server at a hoster, where I have a full /64-prefix, so I declared a few addeesses with special numbers ... e.g. pi = 3.141592653589 and the IPv6 address is [prefix:3:1415:9265:3589] there is also a special number below 1, the IPv6 [prefix:0:5772:1566:4901] now the bug: this works: -A INPUT -i eth0 -d prefix::5772:1566:4901 -m tcp -p tcp --dport 25 -m state --state NEW -j ACCEPT but this not: -A INPUT -i eth0 -d prefix:0:5772:1566:4901 -m tcp -p tcp --dport 25 -m state --state NEW -j ACCEPTAn IPv6 address is represented as eight groups of four hexadecimal digits and '::' can be used to shorten just 0 fields.I know ...The first command works if the prefix contains four or less number of groups.yes, it is a /64 prefixThe second command works only if the prefix contains exactly four number of groups.better say, it should work, because it doesn't , even if the prefix contains exactly four number of groupsWhat does it exactly mean "doesn't work"?
this rule should open tcp/25 for SMTP but it doesn't ...
The command fails with an error message? The rule does not match? What it the kernel version? What is the version number of the iptables package?
CentOS 6 with latest updates ... ip6tables -V ... ip6tables v1.4.7uname -a ... Linux myvhost 2.6.32-696.13.2.el6.x86_64 #1 SMP Thu Oct 5 21:22:16 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Thanks, Walter
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
