[FS#417] Not possible to create ip6tables rules for dynamic prefixes
LEDE Bugs
lede-bugs at lists.infradead.org
Sat Jan 21 08:05:07 PST 2017
A new Flyspray task has been opened. Details are below.
User who did this - Ziggy SpaceRat (SpaceRat)
Attached to Project - LEDE Project
Summary - Not possible to create ip6tables rules for dynamic prefixes
Task Type - Feature Request
Category - Packages
Status - Unconfirmed
Assigned To -
Operating System - All
Severity - Medium
Priority - Very Low
Reported Version - All
Due in Version - Undecided
Due Date - Undecided
Details - It's not possible to create a traffic rule with a target in IPv6/hostmask syntax.
The following is a valid ip6tables rule:
ip6tables -I INPUT -d ::a3a3:beff:fe89:93af/::ffff:ffff:ffff:ffff -j ACCEPT
The target specified translates to
IPv6 0:0:0:0:a3a3:beff:fe89:93af with a hostmask of 0:0:0:0:ffff:ffff:ffff:ffff
which means the subnet bits do not matter -> the rule works for every prefix/subnet -> it continues to work when the prefix changes.
However, LuCI turns the input field red and refuses to save as soon as one enters the forward slash.
Supporting this syntax would be really helpful for those people that get dynamic prefixes from their providers and currently need to use workarounds like cronjobs that rewrite the rules when they detect a prefix change.
See http://blog.dupondje.be/?p=17 for a reference.
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=417
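
The address/mask matching described in the report, as an added example that is not part of the original task or of LuCI's code. It parses a destination given as a bare address, a prefix length or a full hostmask, and compares addresses under that mask. The function names are hypothetical and the sample addresses are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress

ALL_ONES = (1 << 128) - 1

def parse_dest(spec):
    """Parse 'addr', 'addr/len' or 'addr/mask' into (masked_addr, mask) integers."""
    addr_s, _, mask_s = spec.partition("/")
    addr = int(ipaddress.IPv6Address(addr_s))
    if not mask_s:
        mask = ALL_ONES                      # bare address: every bit must match
    elif mask_s.isdecimal():
        plen = int(mask_s)
        if plen > 128:
            raise ValueError("prefix length out of range: " + mask_s)
        mask = ALL_ONES ^ ((1 << (128 - plen)) - 1)
    else:
        # Hostmask form from the report: the mask is itself written as an
        # IPv6 address and does not have to be a contiguous prefix.
        mask = int(ipaddress.IPv6Address(mask_s))
    return addr & mask, mask

def matches(spec, packet_dst):
    """True if packet_dst equals the rule address on every bit the mask selects."""
    want, mask = parse_dest(spec)
    return int(ipaddress.IPv6Address(packet_dst)) & mask == want

# Rule destination taken from the report.
SUFFIX_RULE = "::a3a3:beff:fe89:93af/::ffff:ffff:ffff:ffff"

# Constructed addresses: same host before and after a prefix change,
# plus a different host inside the first prefix.
OLD_PREFIX = "2001:db8:1111:1:a3a3:beff:fe89:93af"
NEW_PREFIX = "2001:db8:2222:7:a3a3:beff:fe89:93af"
OTHER_HOST = "2001:db8:1111:1:a3a3:beff:fe89:93b0"

def survey(rule):
    """Map each sample address to whether the rule matches it."""
    return {a: matches(rule, a) for a in (OLD_PREFIX, NEW_PREFIX, OTHER_HOST)}

if __name__ == "__main__":
    for rule in (SUFFIX_RULE, OLD_PREFIX):   # hostmask rule vs. fixed-address rule
        print(rule)
        for addr, hit in survey(rule).items():
            print("   ", addr, "match" if hit else "no match")
```

The fixed-address rule stops matching after the prefix change, while the hostmask rule keeps matching the same interface identifier under any prefix.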