
[libvirt-users] NWFilter and IPv6



Hi,

Libvirt's nwfilter ships a number of useful filter scripts by default, but 
none to handle IPv6 traffic. Is there a particular reason for that, or is that 
just because nobody has got around to that yet?

One interesting thing about dealing with IPv6 traffic is that hosts often have 
several auto-configured addresses, usually at least one auto-configured 
link-local address under fe80::/64 and one auto-configured one from 
router-advertisements. For writing filter rules, it would be nice to have some 
function/notation to calculate those auto-configured addresses for the user, 
so we can write something like this:

<rule action='return' direction='out' priority='500'>
  <ipv6 srcipaddr='ipv6_autoconf($IPV6_PREFIX[1], $IPV6_MASK[1], $MAC)'/>
</rule>
<rule action='return' direction='out' priority='500'>
  <ipv6 srcipaddr='$IPV6'/>
</rule>
<rule action='drop' direction='out' priority='1000'/>

or maybe more like this:

<ipv6 mode='autoconf' field='srcipaddr' prefix='$IPV6_PREFIX[1]' 
netmask='$IPV6_MASK[1]' mac='$MAC'/>

	Guido

