Looking for resources on iptables and IPv6 - Networking


  1. Looking for resources on iptables and IPv6

    Please pardon a question from a relative newbie to IPv6 *and* iptables.
    I've found www.netfilter.org, Peter Bieringer's fine pages, and the
    USAGI project but not an answer to my question.

    I have an existing system with iptables configured to filter packets
    based on a range of IPv4 addresses. (I should note, I didn't configure
    it, I inherited it.) For example, pass all packets with source
    addresses from 10.2.0.1 to 10.2.0.5 and reject all others. I've been
    asked if that's meaningful with IPv6 considering how IPv6 addresses are
    assigned. If the bottom 64 bits of the IPv6 address are either the MAC
    address or a random number (a simplification, I know), how can a range
    of IPv6 addresses be meaningful? I suppose it could be used to limit
    to MACs from a specific vendor but that's kind of lame and not the
    intent of the original IPv4 rule.

    Can someone point me to something that talks about packet filtering of
    IPv6 packets in some detail? The man pages I've found for iptables
    seem to assume IPv4 when they talk about source and destination
    addresses. Alternatively, can someone here share some wisdom on best
    practices for using iptables to secure an IPv6 system?

    TIA.

    Chris


  2. Re: Looking for resources on iptables and IPv6

    In news:1168889922.857057.53940@a75g2000cwd.googlegroups.com,
    Chris wrote:

    > Can someone point me to something that talks about packet filtering of
    > IPv6 packets in some detail? The man pages I've found for iptables
    > seem to assume IPv4 when they talk about source and destination
    > addresses. Alternatively, can someone here share some wisdom on best
    > practices for using iptables to secure an IPv6 system?


    You need ip6tables, not iptables, to deal with your issue.
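
The address-range question from the first post, worked through as an added example that is not part of either post: it derives autoconfigured (modified EUI-64) addresses from MACs, compares a first-to-last range test with a prefix test, and builds ip6tables commands for the prefix. The prefix 2001:db8:0:2::/64, the MAC addresses and all function names are constructed for illustration, and accepting all ICMPv6 is a simplifying assumption.

```python
import ipaddress

# Constructed sample data: RFC 3849 documentation prefix, made-up MACs.
PREFIX = ipaddress.IPv6Network("2001:db8:0:2::/64")
MACS = ["00:16:3e:00:00:01", "00:16:3e:00:00:02", "52:54:00:ab:cd:ef"]


def eui64_address(prefix, mac):
    """SLAAC address built from a /64 prefix and a MAC (modified EUI-64)."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6 or prefix.prefixlen != 64:
        raise ValueError("need a 48-bit MAC and a /64 prefix")
    octets[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int.from_bytes(iid, "big"))


def in_range(addr, first, last):
    """Inclusive first..last test, the IPv6 analogue of 10.2.0.1-10.2.0.5."""
    return int(first) <= int(addr) <= int(last)


def ip6tables_rules(allowed, chain="INPUT"):
    """ip6tables commands: accept the listed sources, reject all others."""
    # Neighbour discovery runs over ICMPv6; accepting all of it is a
    # simplification made for this example.
    rules = [f"ip6tables -A {chain} -p ipv6-icmp -j ACCEPT"]
    rules += [f"ip6tables -A {chain} -s {src} -j ACCEPT" for src in allowed]
    rules.append(f"ip6tables -A {chain} -j REJECT")
    return rules


if __name__ == "__main__":
    hosts = [eui64_address(PREFIX, mac) for mac in MACS]
    for mac, host in zip(MACS, hosts):
        # A range spanning the first two hosts misses the third NIC.
        print(mac, host, "in range:", in_range(host, hosts[0], hosts[1]),
              "in prefix:", host in PREFIX)
    print("\n".join(ip6tables_rules([PREFIX])))
```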
