Op vrijdag 28 april 2023 13:18:47 CEST schreef Carlos E. R.:
On 2023-04-28 13:13, Andrei Borzenkov wrote:
On Fri, Apr 28, 2023 at 1:12 PM Carlos E. R. <robin.listas@telefonica.net> wrote:
I want to block them only on IPv6.
If you are not going to use IPv6 internally, having source zone for 192.168.1.0/24 (or whatever your internal addresses are) and fallback zone for external traffic would be much more clean.
I expect^H^H^H^H^H^Hhope to have proper IPv6 one day...
-- Cheers / Saludos,
Carlos E. R. (from 15.4 x86_64 at Telcontar)
All global IPv6 addresses are 2000::/3 so you might block/drop all these addresses by using "firewall-cmd --zone=block --add-source=2000::/3" or "firewall-cmd --zone=drop --add-source=2000::/3", depending on if you want to reject (with an ICMP message) or drop the incoming IPv6 package from a global IPv6 address. You still can use private IPv6 addresses (link local or unique local addresses). -- fr.gr. member openSUSE Freek de Kruijf