[pve-devel] ipv6 multicast filter
Alexandre DERUMIER
aderumier at odiso.com
Mon Nov 10 12:02:36 CET 2014
>>But maybe we can simply use
>>
>>-d ff00::/8
>>
>>to match ipv6 multicast traffic?
Yes, I found same rules for ipv6 multicast here:
https://www.sixxs.net/wiki/IPv6_Firewalling
http://wiki.openwrt.org/doc/howto/netfilter/netfilter.ip6tables.example1
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Lundi 10 Novembre 2014 11:51:01
Objet: RE: ipv6 multicast filter
Does not work with 2.6.32. But maybe we can simply use
-d ff00::/8
to match ipv6 multicast traffic?
> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Montag, 10. November 2014 11:39
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: Re: ipv6 multicast filter
>
> >># ip6tables -A INPUT -m addrtype --dst-type MULTICAST -j DROP
> >>ip6tables: No chain/target/match by that name.
> >>
> >>Any ideas whats wrong?
>
> Strange, It's working for me (kernel 3.10)
>
> #ip6tables -A INPUT -m addrtype --dst-type MULTICAST -j DROP
>
>
> # ip6tables-save
> # Generated by ip6tables-save v1.4.14 on Mon Nov 10 11:38:27 2014 *filter
> :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT
> -m addrtype --dst-type MULTICAST -j DROP COMMIT
>
>
> ----- Mail original -----
>
> De: "Dietmar Maurer" <dietmar at proxmox.com>
> À: "Alexandre DERUMIER (aderumier at odiso.com)" <aderumier at odiso.com>,
> pve-devel at pve.proxmox.com
> Envoyé: Lundi 10 Novembre 2014 11:30:42
> Objet: ipv6 multicast filter
>
>
>
> Below command does not work for me:
>
> # ip6tables -A INPUT -m addrtype --dst-type MULTICAST -j DROP
> ip6tables: No chain/target/match by that name.
>
> Any ideas whats wrong?
More information about the pve-devel
mailing list