Carlos E. R. wrote:
On 2023-04-25 11:57, Per Jessen wrote:
FW_TRUSTED_NETS="192.168.1.15,tcp,smtp" it would be converted to 20 lines like:
accept smtp from fe80::2d8:61ff:fea1:5abd
Well, first of all, LL addresses are only used for routing.
Per, that's an example.
I'm only saying - it was a poorly chosen example. LL addresses are special.
I used that line for the paste because i don't have to edit out for privacy. Or maybe I should have, what the heck. There are 13 IP6 addresses.
You don't have to edit anything - your prefix changes every day. However, this will do it: sed -e 's/yourprefix/2001:db8::/g'
To keep track of the prefix, I think(!) the easiest would be to monitor the lease file, hint: "inotify-tools". I did wonder about using the firewall to watch for router annoncements, but it becomes unnecessarily complex.
Right.
I don't know how easy those inotify tools are to use, but it ought to be fairly easy to monitor for a file called 'dhclient6.*ethX.lease' being written to '/var/lib/NetworkManager/'.
As others have already said - when you don't have an actual need, why bother - _unless_ you think it is fun.
Well, I'm investigating. It is some fun (not much), and I don't know how many years it will take them to correct the bug firmware, or change my router. Nor do I know if the next router will not have a similar bug.
If it isn't fun, just disable ipv6 in your machines, then you're safe. At most, someone might gain access to your washing machine and turn your underwear pink, but that's all. -- Per Jessen, Zürich (10.7°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes