From owner-freebsd-pf@freebsd.org Tue Oct 10 16:11:23 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E457EE36275 for ; Tue, 10 Oct 2017 16:11:23 +0000 (UTC) (envelope-from list+org.freebsd.pf@io7m.com) Received: from mail.io7m.com (mail.io7m.com [IPv6:2001:19f0:5:752:f000::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.io7m.com", Issuer "arc7 CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48DEE3026 for ; Tue, 10 Oct 2017 16:11:23 +0000 (UTC) (envelope-from list+org.freebsd.pf@io7m.com) Received: from copperhead.int.arc7.info (cust187-dsl61.idnet.net [212.69.61.187]) by mail.io7m.com (Postfix) with ESMTPSA id 4109983E2 for ; Tue, 10 Oct 2017 16:11:21 +0000 (UTC) Date: Tue, 10 Oct 2017 16:11:23 +0000 From: Mark Raynsford To: freebsd-pf@freebsd.org Subject: Specifying a range of ipv6 addresses? Message-ID: <20171010161123.52808204@copperhead.int.arc7.info> Organization: io7m.com OpenPGP: id=8168DAE22B15D3EDC722C23D0F15B7D06FA80CB8; url=http://io7m.com/pgp/8168_DAE2_2B15_D3ED_C722_C23D_0F15_B7D0_6FA8_0CB8.key MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/nrIbGEaCMrqLm_xZHUWpha."; protocol="application/pgp-signature" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Oct 2017 16:11:24 -0000 --Sig_/nrIbGEaCMrqLm_xZHUWpha. Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hello. What is the syntax for specifying a range of IPv6 addresses in rules? I want to write rules of the form: pass out log quick on $nic_ppp inet6 proto tcp from 2001:db8:8:10::/64 to any port 80 modulate state But pf appears to treat 2001:db8:8:10::/64 as a single address (I intended it to mean an entire subnet). --=20 Mark Raynsford | http://www.io7m.com --Sig_/nrIbGEaCMrqLm_xZHUWpha. Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgWja4isV0+3HIsI9DxW30G+oDLgFAlnc8SsACgkQDxW30G+o DLid/w/9G9EM6QQ3/ilLjfz1xSuzK5QIIY9lbFCvjrnfz3CVAyJSdwUbsZguY3LU Nmdv0D3yUzL2TcRvFushl6PbA8qhkRdIBpLX7CH3x6aAi5qw6oclDQ3vNpH5YmmQ T1WBP7+gwD9jqkJ5CDdsF7+4HNYq8/H1V7/uZRqKNgZC+ZqSrOqt0/8eqnnNkQYL eqP297snoPbyB7VyHFOal6DXHIBYuTmKZxfDNy/8PnT3MwhYZqWIdIGG8ui26WLs 2x/nmrgLIHnKYRDv2mYi44cd47ysiXviM5BlrsQsfeQFluwzWV+D6Q9nRDGEslTJ AD8atxTXPsVE8X1NDnsidy+puS7lcAlhVdKCMqOSmKbLl+qlCvWSuDfKhgQ3Zp1n lpF8JDsOFjuBNLm8vQr350p8vufOElTotm9085+mnWAiTtV/7lLsUCNgKd4JuKwq CIqnAv2S8EFc6B0ZXFI2KmyFMjteBmbmAcB8eLZ3S9BEmzUrQQkN+QYoqu9Ej0yt Ze+w7g2qMlceGzzHGVz8sWU0JKCOezRzX5PgAO6lIEa3BZRwYV58DjJ91YKnSLs2 pHdAx1w9B549V+FyVVI4f9JEDvPAAxDGGEHC2Em+0sTZwWu6EAfc9mqOi7DvQz9B dCq3eSr5hhM7Tl88kDIIxKjViC7wS8masraBZ/ICLmRJ10VGrPI= =UwMG -----END PGP SIGNATURE----- --Sig_/nrIbGEaCMrqLm_xZHUWpha.--