Re: [Shorewall-devel] Shorewall and IPV6

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Thu, 2005-01-06 at 07:58 -0800, Tom Eastep wrote:
> On Thu, 2005-01-06 at 19:11 +1000, Paul Gear wrote:
> 
> > 
> > My general approach to any future IPv6 upgrade is that i see IPv6 as a 
> > different addressing scheme, but it shouldn't make my network work much 
> > differently.  I'll still have the same zones and the same rules between 
> > them, just different addresses in them.  Therefore, i think IPv6 should 
> > be supported in as similar a manner as possible to IPv4.  Thus i think 
> > it we should use the same zones, with the same policies and rules, in 
> > the same files, as far as practical.
> 
> Possibly this isn't as hard as I'm trying to make it. If I look at the
> rules file, for example, the SOURCE and DEST columns are the only ones
> that are problematic. If we allow both ":" and "/" as separators before
> the IP address *and require the use of "/" if the address is IPV6* then
> I believe we might be able to keep existing rules.

I shouldn't try to do design before my first morning coffee. Using "/"
is awkward because it appears in CIDR notation. But another separator,
such as ";" would work.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key