On Wed, Jan 31, 2024 at 12:55:12PM +0100, Daniel wrote:
> table inet filter {
>     set block6 {
>         type ipv6_addr
>     }
>
>     chain INPUT {
>         type filter hook input priority filter; policy accept
>         ip4to6 saddr @block6 drop
>         ip6 saddr @block6 drop
>     }

Still, duplicated rule. That should be optionally invisible to the user.

> With ip4to6 -type/cmd not existing at this time in nftables- transforming an
> ipv4 in ipv4-ipv6 mapped eg 127.0.0.1 => ::ffff:127.0.0.1 At this time we
> are already able to map ipv4 addresses in ipv6 tables like
>
> nft add element inet filter ip-banned-ip6 { ::ffff:1:2:3:4 }

That immediately wakes my wish to have the address converted
automatically, and the natural place to do this would be in nft proper.
It is already reading in human readable code and generates kernel
configuration.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
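
The automatic conversion wished for above can be done outside nft while no such feature exists. The following is an added example, not code from the thread or from the nftables project: it normalizes a mixed IPv4/IPv6 blocklist into elements for the `block6` set from the quoted ruleset. The helper names and the sample addresses are constructed for illustration, and matching IPv4 packets against the set still depends on the `ip4to6` expression that the thread notes nft does not have.

```python
import ipaddress

def to_set_element(text):
    """Parse one address; IPv4 becomes its IPv4-mapped IPv6 form (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text.strip())
    if addr.version == 4:
        # RFC 4291 layout: 80 zero bits, 16 one bits, then the 32-bit IPv4 address.
        return ipaddress.IPv6Address((0xFFFF << 32) | int(addr))
    return addr

def render(addr):
    """Print mapped addresses in dotted form, as written in the thread."""
    mapped = addr.ipv4_mapped
    return f"::ffff:{mapped}" if mapped is not None else addr.compressed

def build_command(lines, family="inet", table="filter", set_name="block6"):
    """Return (nft command or None, rejected entries) for a list of blocklist lines."""
    elements, rejected = set(), []
    for line in lines:
        entry = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        try:
            elements.add(to_set_element(entry))  # the set removes duplicates
        except ValueError:
            # Not a single address. Prefixes land here too: the quoted set
            # is declared without "flags interval".
            rejected.append(entry)
    if not elements:
        return None, rejected
    body = ", ".join(render(a) for a in sorted(elements))
    return f"nft add element {family} {table} {set_name} {{ {body} }}", rejected

# Constructed sample input (documentation address ranges only).
SAMPLE = [
    "192.0.2.10",
    "2001:db8::1",
    "::ffff:192.0.2.10   # same host, already in mapped form",
    "",
    "198.51.100.7",
    "not-an-ip",
    "192.0.2.10/24",
]

if __name__ == "__main__":
    command, rejected = build_command(SAMPLE)
    print(command)
    print("rejected:", rejected)
```
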