Displaying 2 results from an estimated 2 matches for "swinnerton".
Did you mean:
bswinnerton
2020 Jan 01
2
Passing multiple addresses with masks to nwfilter
Hello,
I have a nwfilter that I'm using to ensure that libvirt domains can't spoof
IPv6 traffic. It looks like this:
<filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'>
<rule action='return' direction='out' priority='500'>
<ipv6 srcipaddr='$IPV6' srcipmask='$IPV6MASK'/>
</rule>
2020 Jan 01
0
Re: Passing multiple addresses with masks to nwfilter
...umentation reads:
Assign concrete values to SRCIPADDRESSES and DSTPORTS as shown:
SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ]
DSTPORTS = [ 80, 8080 ]
But I'm not sure how to pass through an array of <parameter>s in the
filterref. Is this possible?
On Wed, Jan 1, 2020 at 12:39 PM Brooks Swinnerton <bswinnerton at gmail.com>
wrote:
> Hello,
>
> I have a nwfilter that I'm using to ensure that libvirt domains can't
> spoof IPv6 traffic. It looks like this:
>
> <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'>
> &...