Re: [Fwbuilder-discussion] How to generate both IPV4 & IPV6 rules in Branch Policies?
From: Vadim K. <va...@ne...> - 2011-05-18 03:34:07
On Tue, May 17, 2011 at 8:27 PM, <ge...@fm...> wrote:
>
>
> On Tue, 17 May 2011 20:03 -0700, "Vadim Kurland" <va...@ne...>
> wrote:
>> > TOP POLICY (ipv4 +6)
>> > Rule 1 Any Any Any Outside Inbound Branch:DROP_POLICY(ipv4 +6)
>> > Rule 2 2000:3 Any Any Outside Inbound Branch:DROP_POLICY(ipv4 +6)
>> >
>> > Where DROP_POLICY(ipv4 +6) refers simply to the IPSETs that, unknown to
>> > FWBuilder, contain both IPv4 & IPv6 addresses/networks?
>>
>> yes
>>
>> however I am not sure if ipset module will work with a mix of ipv4 and
>> ipv6 addresses. You may need to have two separate sets if it does not.
>
> Reading the man page at http://ipset.netfilter.org/ipset.man.html, it
> appears that mixed-family IPSETS are, alas, not supported; it's either
> 'inet' OR 'inet6'.
>
> Would it perhaps be useful within FWBuilder, at the assignment of an
> IPSET via a RunTime address table to add a flag specifying the address
> table's protocol family, IPv4 or IPv6 (or, mixed?) ? Might the compiler
> be triggered appropriately based on such a flag?
>

good idea, we'll consider it.

--vk
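The two-set approach discussed in this thread, as an added example that is not part of the original messages or of Firewall Builder: it splits one mixed-family address list into an `inet` set and an `inet6` set and renders them as `ipset restore` input. The set names (`DROP_POLICY_v4`, `DROP_POLICY_v6`), the `hash:net` set type and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: a mixed-family list such as one address table file might hold.
SAMPLE = """\
# constructed sample entries (documentation ranges)
192.0.2.0/24
198.51.100.7
2001:db8::/32
2001:db8:1::5
not-an-address
203.0.113.0/24  # trailing comment
"""

def split_by_family(text):
    """Return (v4_nets, v6_nets, rejected) parsed from one mixed list."""
    v4, v6, rejected = [], [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)             # never pass unparsed text to ipset
            continue
        (v4 if net.version == 4 else v6).append(net)
    return v4, v6, rejected

def ipset_restore(base, v4, v6):
    """Render `ipset restore` input: one inet set and one inet6 set."""
    lines = []
    for suffix, family, nets in (("_v4", "inet", v4), ("_v6", "inet6", v6)):
        name = base + suffix                   # hypothetical naming scheme
        lines.append(f"create {name} hash:net family {family}")
        lines.extend(f"add {name} {net}" for net in nets)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    v4, v6, bad = split_by_family(SAMPLE)
    print(ipset_restore("DROP_POLICY", v4, v6), end="")
    for entry in bad:
        print(f"# skipped invalid entry: {entry}")
```

Each set is then matched from the rule set of its own family, the `inet` set from the IPv4 rules and the `inet6` set from the IPv6 rules.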