James Knott wrote:
On 05/20/2015 05:30 AM, Per Jessen wrote:
ip6tables -A INPUT -p tcp -s ::ffff:192.168.77.77 -j DROP
The real question is - will the latter actually drop IPv4 traffic from 192.168.77.77 ?
No. If you use Wireshark, you'll see that when you try to access ::ffff:192.168.77.77 it actually's converted to 192.168.77.77 and the return traffic is also from 192.168.77.77. Don't forget, the device with the address 192.168.77 might not be able to do IPv6 and wouldn't even know what ::ffff:192.168.77.77 means. So, you'll have to filter on 192.168.77.77.
Yeah, that's my conclusion too. It's a pity iptables doesn't accept the mapped address form. Oh well. -- Per Jessen, Zürich (11.9°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org