From owner-freebsd-net@FreeBSD.ORG  Sun Jun 17 19:32:25 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5D904106566C
	for <freebsd-net@freebsd.org>; Sun, 17 Jun 2012 19:32:25 +0000 (UTC)
	(envelope-from jfesler@gigo.com)
Received: from goat.gigo.com (goat.gigo.com [IPv6:2001:470:1:18::114])
	by mx1.freebsd.org (Postfix) with ESMTP id 4B6C28FC0C
	for <freebsd-net@freebsd.org>; Sun, 17 Jun 2012 19:32:25 +0000 (UTC)
Received: from goat.gigo.com (goat.gigo.com [216.218.228.114])
	by goat.gigo.com (Postfix) with ESMTPS id 3WFlv74TdXzTJ6
	for <freebsd-net@freebsd.org>; Sun, 17 Jun 2012 12:32:19 -0700 (PDT)
Date: Sun, 17 Jun 2012 12:32:19 -0700 (PDT)
From: Jason Fesler <jfesler@gigo.com>
To: freebsd-net@freebsd.org
Message-ID: <alpine.BSF.2.00.1206171228020.24374@goat.gigo.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Subject: ipfw and ipv6 mask/masklen
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jun 2012 19:32:25 -0000

For IPv4, I see this with ipfw:

              addr/masklen
                      Matches all addresses with base addr (specified as an IP
                      address, a network number, or a hostname) and mask width
                      of masklen bits.  As an example, 1.2.3.4/25 or 1.2.3.0/25
                      will match all IP numbers from 1.2.3.0 to 1.2.3.127 .

Does anyone have a suggestion on how to do similar for IPv6?

I want to block specific Teredo/IPv4 addresses; the IPv4 address is 
encoded at the end.  The bits in the middle are variable per connection 
(with the port number being part of the variable).

I don't want to block out Teredo entirely (or even a specific relay 
entirely), as that would be overboard for my needs. So, CIDR notation 
prefix/length matching won't work.

--
  Jason Fesler, email/jabber <jfesler@gigo.com> resume: http://jfesler.com
  "Give a man fire, and he'll be warm for a day;
  set a man on fire, and he'll be warm for the rest of his life."