Specifying a range of ipv6 addresses?
Chris H
bsd-lists at bsdforge.com
Tue Oct 10 16:49:37 UTC 2017
On Tue, 10 Oct 2017 16:11:23 +0000 Mark Raynsford
<list+org.freebsd.pf at io7m.com> wrote
> Hello.
>
> What is the syntax for specifying a range of IPv6 addresses in rules?
>
> I want to write rules of the form:
>
> pass out log quick on $nic_ppp inet6 proto tcp from
> 2001:db8:8:10::/64 to any port 80 modulate state
>
> But pf appears to treat 2001:db8:8:10::/64 as a single address (I
> intended it to mean an entire subnet).
While I am filtering with pf(4), I have to admit I haven't used it
to filter IPv6 for awhile. A search for an answer to your question
seemed to indicate the following two links may be of help/interest:
https://www.freebsd.org/doc/handbook/firewalls-pf.html
https://bash.cyberciti.biz/firewall/pf-ipv6-ipv4-firewall-for-freebsd-openbsd-netbsd/
HTH
--Chris
>
> --
> Mark Raynsford | http://www.io7m.com
More information about the freebsd-pf
mailing list