On 11/3/22 18:12, Florian Westphal wrote:
Ian Pilcher <arequipeno@xxxxxxxxx> wrote:
Assume that I want to match a particular host (pppp:pppp:pppp:ppc8::1)
in a rule. With ip6tables, I can match this address with this
expression:
0:0:0:c8::1/::ff:ffff:ffff:ffff:ffff
ip6tables-translate suggests:
nft add rule ip6 filter INPUT 'ip6 saddr & ::ff:ffff:ffff:ffff:ffff == ::c8:0:0:0:1'
Interesting. I see that too.
I missed it, because ip6tables-translate-restore suggests:
nft add rule ip6 filter INPUT ip6 saddr
::c8:0:0:0:1/::ff:ffff:ffff:ffff:ffff counter accept
Which gives a syntax error.
--
========================================================================
Google Where SkyNet meets Idiocracy
========================================================================
