Re: Newbie: IPv6 equivalent of 192.168.178.0/24

On 09.10.20 14:49, paul.guijt@xxxxxxxxx wrote:
I had
	add rule  inet filter input ip   saddr 192.168.178.0/24         jump LocalIN
	add rule  inet filter input ip6 saddr fe::/10                             jump LocalIN
to divert all packets coming from my private network to rules in the LocalIN chain.

Nftables converts the second line into “ip6 saddr c0::/10 jump LocalIN”. FE into C0.
Will that do what I intended? If not, what rule do you prefer?

Regards,
Paul Guijt



Hi Paul,

From https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml

> fc00::/7 	Unique-Local
> fe80::/10 	Link-Local Unicast

I assume you want both in your case. ULA (unique local addr) and link-local. Or, if you do not want to allow the whole ULA space, maybe just e.g. a `/48`, like e.g. OpenWrt generates for you automatically. A use case to not accept the whole fc00::/10 would be if you are connected to e.g. dn42, or other community VPNs, which make use of ULA.

Best,
Bernd
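
Added example, not part of the original thread: a short Python check of why `fe::/10` is displayed as `c0::/10` (the bits after the first ten are masked off) and which addresses the two IANA prefixes quoted above match. The sample addresses, the `/48` and the function names are constructed for illustration.

```python
import ipaddress

def normalise(prefix: str) -> str:
    """Zero every bit after the prefix length, as a mask-based match does."""
    return str(ipaddress.ip_network(prefix, strict=False))

# The prefix as written in the rule, and the two IANA registry entries.
AS_WRITTEN = ipaddress.ip_network("fe::/10", strict=False)  # 00fe:: masked to 10 bits
ULA = ipaddress.ip_network("fc00::/7")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

# Constructed example of a single site prefix inside the ULA range.
SITE_48 = ipaddress.ip_network("fd12:3456:789a::/48")

def matches_original_rule(addr: str) -> bool:
    """True if the address falls inside the prefix the rule actually matches."""
    return ipaddress.ip_address(addr) in AS_WRITTEN

def classify(addr: str) -> str:
    """Name the first of the prefixes above that contains the address."""
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ULA:
        return "unique-local"
    if ip in AS_WRITTEN:
        return "only-fe::/10"
    return "other"

if __name__ == "__main__":
    print("fe::/10 normalises to", normalise("fe::/10"))
    print("site /48 inside fc00::/7:", SITE_48.subnet_of(ULA))
    # Constructed sample source addresses.
    for sample in ("fe80::1", "fd12:3456:789a::1", "c0::1", "2001:db8::1"):
        print(f"{sample:22} {classify(sample):14} "
              f"original rule matches: {matches_original_rule(sample)}")
```
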


