* [Cerowrt-devel] ipsets in openwrt issues
@ 2014-01-15 19:46 Dave Taht
2014-01-15 20:06 ` Dave Taht
0 siblings, 1 reply; 2+ messages in thread
From: Dave Taht @ 2014-01-15 19:46 UTC (permalink / raw)
To: cerowrt-devel
I thought ipset had sprouted full ipv6 support a while back
which would make for simpler rules like this
ipset create egress-ipv4 hash:net
ipset add egress-ipv4 127.0.0.0/8
ipset add egress-ipv4 192.168.0.0/16
ipset add egress-ipv4 10.0.0.0/8
ipset add egress-ipv4 172.16.0.0/12
ipset add egress-ipv4 169.254.0.0/16
where you could do something like add the external
network on a double natted situation easily, on
bringing up the external interface.
ipset add egress-ipv4 10.0.1.0/24 nomatch
but no ipv6 in my build although the doc claims
it exists.
ipset create family inet6 egress-ipv6
ipset add egress-ipv6 fd::/10
reading source....
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Cerowrt-devel] ipsets in openwrt issues
2014-01-15 19:46 [Cerowrt-devel] ipsets in openwrt issues Dave Taht
@ 2014-01-15 20:06 ` Dave Taht
0 siblings, 0 replies; 2+ messages in thread
From: Dave Taht @ 2014-01-15 20:06 UTC (permalink / raw)
To: cerowrt-devel
On Wed, Jan 15, 2014 at 2:46 PM, Dave Taht <dave.taht@gmail.com> wrote:
> I thought ipset had sprouted full ipv6 support a while back
>
> which would make for simpler rules like this
>
> ipset create egress-ipv4 hash:net
>
> ipset add egress-ipv4 127.0.0.0/8
> ipset add egress-ipv4 192.168.0.0/16
> ipset add egress-ipv4 10.0.0.0/8
> ipset add egress-ipv4 172.16.0.0/12
> ipset add egress-ipv4 169.254.0.0/16
>
> where you could do something like add the external
> network on a double natted situation easily, on
> bringing up the external interface.
>
> ipset add egress-ipv4 10.0.1.0/24 nomatch
>
> but no ipv6 in my build although the doc claims
> it exists.
>
> ipset create family inet6 egress-ipv6
> ipset add egress-ipv6 fd::/10
>
> reading source....
problem between eyes and keyboard...
ipset create egress-ipv6 hash:net family inet6
ipset add egress-ipv6 fc::/10 # 8? 12? 11? what
... don't know what exact ipv6 addresses to block escaping out
>
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-01-15 20:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-01-15 19:46 [Cerowrt-devel] ipsets in openwrt issues Dave Taht
2014-01-15 20:06 ` Dave Taht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox