Date: Tue, 10 Oct 2017 09:49:44 -0700 From: "Chris H" <bsd-lists@bsdforge.com> To: <freebsd-pf@freebsd.org> Subject: Re: Specifying a range of ipv6 addresses? Message-ID: <b6bfd0d114764ba5d8b56a954d372f6f@ultimatedns.net> In-Reply-To: <20171010161123.52808204@copperhead.int.arc7.info> References: <20171010161123.52808204@copperhead.int.arc7.info>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 10 Oct 2017 16:11:23 +0000 Mark Raynsford <list+org.freebsd.pf@io7m.com> wrote > Hello. > > What is the syntax for specifying a range of IPv6 addresses in rules? > > I want to write rules of the form: > > pass out log quick on $nic_ppp inet6 proto tcp from > 2001:db8:8:10::/64 to any port 80 modulate state > > But pf appears to treat 2001:db8:8:10::/64 as a single address (I > intended it to mean an entire subnet). While I am filtering with pf(4), I have to admit I haven't used it to filter IPv6 for awhile. A search for an answer to your question seemed to indicate the following two links may be of help/interest: https://www.freebsd.org/doc/handbook/firewalls-pf.html https://bash.cyberciti.biz/firewall/pf-ipv6-ipv4-firewall-for-freebsd-openbsd-netbsd/ HTH --Chris > > -- > Mark Raynsford | http://www.io7m.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b6bfd0d114764ba5d8b56a954d372f6f>