search for: ipv6_mask

...re prefix (e.g. 2001:db8::/32). This theoretically would work fine when passing in the variables from the domain definition like so: <filterref filter='no-ipv6-spoofing'> <parameter name='IPV6' value='2001:db8:1:6:dc:d2ff:fef2:2181'/> <parameter name='IPV6_MASK' value='32'/> </filterref> But the problem comes when wanting to allow multiple prefixes (and thus multiple $IPV6 and $IPV6_MASK variables). If there is more than one definition of $IPV6, how could I associate it with a corresponding $IPV6_MASK? Ideally I would be able to pas...

...unds like the preferred approach is to use something like: <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'> <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='$IPV6[@1]' srcipmask='$IPV6_MASK[@1]'/> </rule> <rule action='drop' direction='out' priority='1000'/> </filter> The documentation reads: Assign concrete values to SRCIPADDRESSES and DSTPORTS as shown: SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ] DSTPORTS = [ 80, 8080 ] But I'...

...er rules, it would be nice to have some function/notation to calculate those auto-configured addresses for the user, so we can write something like this: <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='ipv6_autoconf($IPV6_PREFIX[@1], $IPV6_MASK[@1], $MAC)'/> </rule> <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='$IPV6'/> </rule> <rule action='drop' direction='out' priority='1000'/> or maybe more like this: <ipv6 mode...