[Cerowrt-devel] ipsets in openwrt issues
Dave Taht
dave.taht at gmail.com
Wed Jan 15 15:06:33 EST 2014
On Wed, Jan 15, 2014 at 2:46 PM, Dave Taht <dave.taht at gmail.com> wrote:
> I thought ipset had sprouted full ipv6 support a while back
>
> which would make for simpler rules like this
>
> ipset create egress-ipv4 hash:net
>
> ipset add egress-ipv4 127.0.0.0/8
> ipset add egress-ipv4 192.168.0.0/16
> ipset add egress-ipv4 10.0.0.0/8
> ipset add egress-ipv4 172.16.0.0/12
> ipset add egress-ipv4 169.254.0.0/16
>
> where you could do something like add the external
> network on a double natted situation easily, on
> bringing up the external interface.
>
> ipset add egress-ipv4 10.0.1.0/24 nomatch
>
> but no ipv6 in my build although the doc claims
> it exists.
>
> ipset create family inet6 egress-ipv6
> ipset add egress-ipv6 fd::/10
>
> reading source....
problem between eyes and keyboard...
ipset create egress-ipv6 hash:net family inet6
ipset add egress-ipv6 fc::/10 # 8? 12? 11? what
... don't know what exact ipv6 addresses to block escaping out
>
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
More information about the Cerowrt-devel
mailing list