Please pardon a question from a relative newbie to IPv6 *and* iptables.
I've found
www.netfilter.org, Peter Bieringer's fine pages, and the
USAGI project but not an answer to my question.
I have an existing system with iptables configured to filter packets
based on a range of IPv4 addresses. (I should note, I didn't configure
it, I inherited it.) For example, pass all packets with source
addresses from 10.2.0.1 to 10.2.0.5 and reject all others. I've been
asked if that's meaningful with IPv6 considering how IPv6 addresses are
assigned. If the bottom 64 bits of the IPv6 address are either the MAC
address or a random number (a simplification, I know), how can a range
of IPv6 addresses be meaningful? I suppose it could be used to limit
to MACs from a specific vendor but that's kind of lame and not the
intent of the original IPv4 rule.
Can someone point me to something that talks about packet filtering of
IPv6 packets in some detail? The man pages I've found for iptables
seem to assume IPv4 when they talk about source and destination
addresses. Alternatively, can someone here share some wisdom on best
practices for using iptables to secure an IPv6 system?
TIA.
Chris
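An added worked example (not from this thread, and not from the netfilter project) that illustrates the point behind the question: it builds the SLAAC address a host would derive from its MAC, then compares the two ways of carrying the old rule over to IPv6, a host range as in 10.2.0.1-10.2.0.5 (what ip6tables' `-m iprange --src-range` matches) against a /64 prefix match (what `-s network/len` matches). The 2001:db8:: prefixes, the MAC and the privacy address are constructed sample values.

```python
import ipaddress

# Constructed sample data (documentation prefix), not taken from the post.
LAN = ipaddress.IPv6Network("2001:db8:1::/64")       # the subnet we want to admit
NEIGHBOUR = ipaddress.IPv6Network("2001:db8:2::/64")  # another subnet, should be rejected


def slaac_address(prefix: str, mac: str) -> str:
    """Address a host with this MAC self-assigns in `prefix` via SLAAC:
    modified EUI-64 (flip the universal/local bit, insert ff:fe) as the low 64 bits."""
    net = ipaddress.IPv6Network(prefix)
    octets = bytearray(int(x, 16) for x in mac.split(":"))
    octets[0] ^= 0x02  # invert the U/L bit of the first octet
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def range_allows(addr: str, first: str, last: str) -> bool:
    """Host-range match, the IPv4 habit (`-m iprange --src-range first-last`)."""
    return ipaddress.IPv6Address(first) <= ipaddress.IPv6Address(addr) <= ipaddress.IPv6Address(last)


def prefix_allows(addr: str, network: str) -> bool:
    """Prefix match (`-s network/len`): only the top `len` bits are compared,
    so the interface identifier (MAC-derived or random) does not matter."""
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network(network)


def evaluate(sources: dict) -> dict:
    """Apply both styles to each source; returns {name: (range_ok, prefix_ok)}."""
    return {name: (range_allows(a, "2001:db8:1::1", "2001:db8:1::5"),
                   prefix_allows(a, str(LAN)))
            for name, a in sources.items()}


if __name__ == "__main__":
    sources = {
        "eui64_host": slaac_address(str(LAN), "00:11:22:33:44:55"),
        "privacy_host": "2001:db8:1:0:a1b2:c3d4:e5f6:1234",  # random IID, same subnet
        "other_subnet": slaac_address(str(NEIGHBOUR), "00:11:22:33:44:55"),
    }
    # A tight host range admits neither legitimate host on the LAN; the /64
    # admits both and still rejects the neighbouring subnet.
    for name, (r, p) in evaluate(sources).items():
        print(f"{name:13} {sources[name]:36} range={r!s:5} prefix={p}")
```

The same reasoning applies to a site prefix (/48) or a routed customer prefix: the meaningful unit for an IPv6 allow rule is the prefix that the router or provider actually assigns, not a contiguous run of host numbers.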