On 2023-04-28 14:21, Freek de Kruijf wrote:
On Friday, 28 April 2023 13:18:47 CEST, Carlos E. R. wrote:
On 2023-04-28 13:13, Andrei Borzenkov wrote:
On Fri, Apr 28, 2023 at 1:12 PM Carlos E. R. <robin.listas@telefonica.net> wrote:
...
All global IPv6 addresses are 2000::/3 so you might block/drop all these addresses by using "firewall-cmd --zone=block --add-source=2000::/3" or "firewall-cmd --zone=drop --add-source=2000::/3", depending on if you want to reject (with an ICMP message) or drop the incoming IPv6 package from a global IPv6 address. You still can use private IPv6 addresses (link local or unique local addresses).
My own address starts with 2a02:...

"firewall-cmd --zone=drop --add-source=2000::/3"

Thinking. Zone=drop? That's new to me.

Well, currently I have:

    rule priority="10" source mac="CC:..." reject

which rejects packets coming through the router, except those that have an explicit "accept".

--
Cheers / Saludos,
Carlos E. R. (from 15.4 x86_64 at Telcontar)
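Added example, not part of the thread: a small Python model of which IPv6 sources the suggested 2000::/3 source binding would catch, showing that a 2a02:... address falls inside it while link-local and unique local sources do not. The sample addresses and the interface zone name "public" are assumptions made for the illustration.

```python
import ipaddress

# Source binding suggested in the thread: all of 2000::/3 is bound to one zone.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")

# Behaviour of the two zones as described in the thread.
ZONE_ACTION = {"drop": "silently discarded",
               "block": "rejected with an ICMP message"}


def zone_for(source, bound_zone="drop", interface_zone="public"):
    """Return the zone that handles a packet coming from `source`.

    A source binding takes precedence over the interface binding, so only
    sources outside 2000::/3 reach the interface's zone ("public" is assumed).
    """
    addr = ipaddress.ip_address(source)
    if addr.version == 6 and addr in GLOBAL_UNICAST:
        return bound_zone
    return interface_zone


def classify(source):
    """Label an IPv6 source by scope, to make the result table readable."""
    addr = ipaddress.IPv6Address(source)
    if addr.is_link_local:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"


# Constructed sample sources (not taken from the thread).
SAMPLES = ["2a02:1234:5678::10",   # same 2a02: prefix as the poster's address
           "3fff:ffff::1",         # upper end of 2000::/3
           "4000::1",              # just outside 2000::/3
           "fd12:3456:789a::1",    # unique local address
           "fe80::1"]              # link-local address

if __name__ == "__main__":
    for src in SAMPLES:
        zone = zone_for(src)
        fate = ZONE_ACTION.get(zone, "handled by the interface zone's rules")
        print(f"{src:22} {classify(src):13} zone={zone:7} {fate}")
```

The binding matches on source address only, so hosts on the local network that talk from their 2a02:... addresses land in the same zone as hosts on the Internet.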