Specifying a range of ipv6 addresses?

Mark Raynsford-2
Hello.

What is the syntax for specifying a range of IPv6 addresses in rules?

I want to write rules of the form:

pass out log quick on $nic_ppp inet6 proto tcp from
2001:db8:8:10::/64 to any port 80 modulate state

But pf appears to treat 2001:db8:8:10::/64 as a single address (I
intended it to mean an entire subnet).

--
Mark Raynsford | http://www.io7m.com

Re: Specifying a range of ipv6 addresses?

Mark Raynsford-2
On 2017-10-10T16:11:23 +0000
Mark Raynsford <[hidden email]> wrote:

> Hello.
>
> What is the syntax for specifying a range of IPv6 addresses in rules?

Naturally, I didn't find the answer until I asked the question. The
syntax I was looking for is:

pass out log quick on $nic_ppp inet6 proto tcp \
  from 2001:db8:8:10:: - 2001:db8:8:10:ffff:ffff:ffff:ffff \
  to any port 80 modulate state

--
Mark Raynsford | http://www.io7m.com
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[hidden email]"
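
Added example (not part of the original thread): a Python check that the explicit range in the rule above covers exactly the same addresses as 2001:db8:8:10::/64, plus the reverse conversion from any first - last range into CIDR blocks. The function names are hypothetical, and the unaligned range in the usage lines is constructed for illustration.

```python
import ipaddress


def cidr_to_pf_range(cidr):
    """Expand an IPv6 prefix into the "first - last" form used in the rule above.

    strict=True rejects a prefix with host bits set (e.g. 2001:db8:8:10::1/64),
    a common typo that would otherwise be silently masked to the network.
    """
    net = ipaddress.IPv6Network(cidr, strict=True)
    return f"{net[0]} - {net[-1]}"


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    lo = ipaddress.IPv6Address(first)
    hi = ipaddress.IPv6Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]


def same_address_set(cidr, first, last):
    """True when the prefix and the explicit range match exactly the same hosts."""
    return range_to_cidrs(first, last) == [str(ipaddress.IPv6Network(cidr))]


def in_range(addr, first, last):
    """True when addr falls inside first..last inclusive."""
    a = ipaddress.IPv6Address(addr)
    return ipaddress.IPv6Address(first) <= a <= ipaddress.IPv6Address(last)


if __name__ == "__main__":
    # Values taken from the rules in this thread.
    print(cidr_to_pf_range("2001:db8:8:10::/64"))
    print(same_address_set("2001:db8:8:10::/64",
                           "2001:db8:8:10::",
                           "2001:db8:8:10:ffff:ffff:ffff:ffff"))
    # Constructed sample: a range that is not aligned to a prefix boundary
    # needs several CIDR blocks to express the same set of hosts.
    print(range_to_cidrs("2001:db8:8:10::1", "2001:db8:8:10::4"))
```
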
Re: Specifying a range of ipv6 addresses?

Chris H-2
In reply to this post by Mark Raynsford-2
On Tue, 10 Oct 2017 16:11:23 +0000 Mark Raynsford
<[hidden email]> wrote

> Hello.
>
> What is the syntax for specifying a range of IPv6 addresses in rules?
>
> I want to write rules of the form:
>
> pass out log quick on $nic_ppp inet6 proto tcp from
> 2001:db8:8:10::/64 to any port 80 modulate state
>
> But pf appears to treat 2001:db8:8:10::/64 as a single address (I
> intended it to mean an entire subnet).

While I am filtering with pf(4), I have to admit I haven't used it
to filter IPv6 for a while. A search for an answer to your question
seemed to indicate the following two links may be of help/interest:
https://www.freebsd.org/doc/handbook/firewalls-pf.html
https://bash.cyberciti.biz/firewall/pf-ipv6-ipv4-firewall-for-freebsd-openbsd-netbsd/

HTH

--Chris

>
> --
> Mark Raynsford | http://www.io7m.com

