ip6tables and multiple possible source addresses

Gert Doering gert at space.net
Thu Jan 19 11:59:03 CET 2012


On Thu, Jan 19, 2012 at 10:55:16AM +0100, Jens Weibler wrote:
> I configure my currently prefix 2001:db8::/48 as prefix-set MY-NETWORK.
> In a rule I only use MY-NETWORK:dead:beef:0:1.
> On the big day of prefix change I advance my prefix-set by simply adding 
> the new prefix - letting the old one still there..
> After the renumbering phase I simply delete my old prefix 2001:db8::/48 
> from the prefix-set and I'm done.
> Firewalls have to change for real ipv6 ops.

Seconded.  That is one of the big things that needs to change (and not
only in firewalls, but also in DNS and DHCPv6 management software, etc.).

Gert Doering
        -- NetMaster
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7650 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20120119/141e6226/attachment-0001.bin 

More information about the ipv6-ops mailing list