search for: ipv6_addr

...quot;set %s/DHCPV6C yes\n" % BR_ROOT elif OVIRT_VARS["OVIRT_IPV6"] == "static": self.BR_CONFIG += "set %s/IPV6INIT yes\n" % BR_ROOT - self.BR_CONFIG += "set %s/IPV6ADDR %s\n" % (BR_ROOT, OVIRT_VARS["OVIRT_IPV6_ADDRESS"]) + self.BR_CONFIG += "set %s/IPV6ADDR %s/%s\n" % (BR_ROOT, OVIRT_VARS["OVIRT_IPV6_ADDRESS"], OVIRT_VARS["OVIRT_IPV6_NETMASK"]) self.BR_CONFIG += "set %s/IPV6_AUTOCONF no\n" % BR_ROOT self.BR_CONFIG +=...

...quot;set %s/DHCPV6C yes\n" % BR_ROOT elif OVIRT_VARS["OVIRT_IPV6"] == "static": self.BR_CONFIG += "set %s/IPV6INIT yes\n" % BR_ROOT - self.BR_CONFIG += "set %s/IPV6ADDR %s\n" % (BR_ROOT, OVIRT_VARS["OVIRT_IPV6_ADDRESS"]) + self.BR_CONFIG += "set %s/IPV6ADDR %s/%s\n" % (BR_ROOT, OVIRT_VARS["OVIRT_IPV6_ADDRESS"], OVIRT_VARS["OVIRT_IPV6_NETMASK"]) self.BR_CONFIG += "set %s/IPV6_AUTOCONF no\n" % BR_ROOT self.BR_CONFIG +=...

...setups to nftables. Some of these setups involve fairly large sets and updating those atomically does not seem to be practical due to the excessive amount of time it takes to reload the set via a script file. Assume a set that was initialized like this: nft add set inet filter ipv6_bogons { type ipv6_addr; flags interval; } And then load the attached example ipv6_bogons.nft with `nft -f' to populate the set with elements. When you first load that file, it's a matter of seconds (or less). But if you try to load the set another time in order to reload it (the script contains a flush set state...

Hello, with CentOS 6.2 - is it possible to configure OpenSSH daemon to listen on different IPs _and_ ports? I have received a 2nd IP address for my server and have successfully configured by adding the new "/etc/sysconfig/network-scripts/ifcfg-eth0:1" file. I'd like SSHd to keep listening at the_old_ip:22 but also at the_new_ip:443. The 443 on the_old_ip is already taken by

...impossible. I hope I'm wrong and just mis-understood the documents. -- Carson I've also examined what I thought would do the trick: ListenAddress: Specifies the local addresses sshd should listen on. The following forms may be used: ListenAddress host|IPv4_addr|IPv6_addr ListenAddress host|IPv4_addr:port ListenAddress [host|IPv6_addr]:port If port is not specified, sshd will listen on the address and all prior Port options specified. The default is to listen on all local addresses. Multiple ListenAddress options are permitted. Additionally, any Port op...

Hi all! I'm wanting to close port 22 (ssh) on my home router, and I don't see any facilities in its GUI for doing that. I don't mind learning how to write an iptables rule for that, but I'd rather not have to fool around with commandline stuff on the router, especially things that require extra steps to make it peresist across boots. So, I'm trying this (please tell me if it

...OS: other Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: netfilter at d9c.eu Consider the following table: table inet filter { set allowable { type ipv6_addr flags timeout } chain input { type filter hook input priority 0; policy accept; tcp dport telnet set update ip6 saddr & ffff:ffff:ffff:ffff:: timeout 2m @allowable } } # nft "add rule inet filter input ip6 saddr &amp...

...t inet main udp_public { type inet_service; } add set inet main udp_trusted { type inet_service; } add set inet main tcp_trusted { type inet_service; } add set inet main blacklist { type ipv4_addr; flags interval; } add set inet main ossec4 { type ipv4_addr; } add set inet main ossec6 { type ipv6_addr; } add set inet main trusted6 { type ipv6_addr; flags interval; } add set inet main trusted4 { type ipv4_addr; } add element inet main tcp_public { ssh } add element inet main udp_trusted { ntp } # otto delegated_ipv6 add element inet main trusted6 { 2a01:4f8:13b:29a3::/64 } # asus deleg...

...ected string fc00::/7, ^^^^^^ ruleset.prod:55:30-35: Error: syntax error, unexpected string fe80::/10 } ^^^^^^ --- ruleset.prod excerpt --- 43 set blackhole_ipv6 { 44 type ipv6_addr 45 flags interval 46 elements = { ::/127, 47 ::ffff:0.0.0.0/96, 48 2001::/32, 49 2001:10::/28, 50 2001:db8::/32, 51...

...^^^^^^^^^^^^^^^^^^^^ ------ The command exits with code 1. Expected Results: 1. If at the particular point only a single result would be valid, then a suggestion should be made to refactor to using a set. 2. It ought to be possible to define such a set of type ipv4_addr (or ipv6_addr) from resolving one or more hostnames, either ad hoc or named. A hostname not resolving into an IP of the appropriate type (A/AAAA) should not lead to an error and instead produce an empty set. Examples: 1. ip daddr {"archive.ubuntu.com"} accept 2. #!/usr/sbin/nft -f tabl...

...define o4dns = { 208.67.222.222, 208.67.220.220 } define o6dns = { 2620:119:35::35, 2620:119:53::53 } define myIPv4 = <filtered> define myIPv6 = <filtered> flush ruleset table inet filter { set dns4 { type ipv4_addr; elements = { $g4dns, $o4dns } } set dns6 { type ipv6_addr; elements = { $g6dns, $o6dns } } set smb { type inet_service; elements = { 137, 138, 139, 445 } } chain global { ct direction original counter accept ct state { established, related } counter accept ct status confirmed counter accept ct state { invalid, u...

...# nft list set ip filter libssh table ip filter { set libssh { type ipv4_addr elements = { 163.123.166.2} } } You can also list existing maps, eg. # nft list map ip6 filter test table ip6 filter { map test { type ipv6_addr : inet_service elements = { 2001:db8::ff00:42:8329 : http} } } In general, the same logic applies for every nft object, ie. generic listing shows declarations, then if the object name is specified, the its content is shown. * Masquerading port range selection: Allo...