
Re: about ip6tables and dns



Hello,

luis wrote:

#1
How can I drop all the packets in my network from port 22?

Could you be more accurate?
Locally received, locally generated or forwarded packets?
From source port 22 or to destination port 22?
TCP or UDP?

Here is my radvd config:

interface eth0
{
  AdvSendAdvert on;
  prefix 2001:db8::c859:1/64
  {
  };
};

2001:db8::c859:1/64 does not look like a valid /64 prefix: there are non-zero bits in the host part ::c859:1. The /64 prefix in this address is 2001:db8::/64.

My IPv6 network has lots of IPv6 addresses right now.
Example:

IP6TABLES -A INPUT -s 2001:db8::cdb2:6293:fe3c:571c --------------->thats my computer -p tcp --dport 22 -j ACCEPT

What do you mean by "that's my computer"? Is this the host on which the rule is created? If so, the -s option will match only loopback packets. Also, --dport means "to destination port", not "from (source) port". And you drop packets with DROP, not ACCEPT.

IP6TABLES -A INPUT -s 2001:db8::c859:1/64 -p tcp --dport 22 -j DROP

Same remark as with radvd, 2001:db8::c859:1/64 is not a valid /64 prefix.

What do you want to do *exactly*?

Now the question #2

Is there a way to fuse radvd and DNS, or make them work as one?
For example:

I have my 2001:db8::cdb2:6293:fe3c:571c, which is automatically set by radvd. Now how can the same server add the names A4 or AAAA to the DNS server? Is there a way to do that? I think that must exist, because IPv6 is kinda big :)

What is A4? I don't know this DNS record type. I know the A6 type, but it is now deprecated.

I am not sure I understand your question. Radvd is used for stateless autoconfiguration by sending the network prefix; so, unlike a DHCP server, radvd does not know about the generated host addresses and cannot do DNS dynamic update. Maybe the host which receives the prefix can do this, but I don't know how to achieve this. Why don't you just add static AAAA and reverse PTR records in the DNS server, as the same prefix and MAC address will always produce the same IPv6 address?
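
The two points made in the reply above, worked as an added example that is not part of the original message: checking an advertised prefix for non-zero host bits, and deriving the static AAAA and PTR records from a prefix and a MAC address. It assumes the host builds its interface identifier with modified EUI-64 (a host using privacy or other non-MAC-based identifiers will not match); the function names, the MAC address and the host name are constructed for illustration.

```python
import ipaddress

def has_host_bits(text):
    """True when 'addr/len' has non-zero bits after the prefix length."""
    iface = ipaddress.ip_interface(text)
    return iface.ip != iface.network.network_address

def normalize_prefix(text):
    """Return the enclosing /64 network, clearing any host bits."""
    net = ipaddress.ip_network(text, strict=False)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects an IPv6 /64")
    return net

def eui64_address(prefix, mac):
    """Address a host derives from prefix + MAC (assumes modified EUI-64)."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int.from_bytes(iid, "big"))

def static_records(fqdn, addr):
    """Zone-file lines for the forward AAAA and reverse PTR records."""
    return (f"{fqdn} IN AAAA {addr}",
            f"{addr.reverse_pointer}. IN PTR {fqdn}")

if __name__ == "__main__":
    advertised = "2001:db8::c859:1/64"   # value from the radvd config above
    mac = "00:00:5e:00:53:01"            # constructed (documentation range)
    fqdn = "host.example."               # constructed name
    print("host bits set:", has_host_bits(advertised))
    prefix = normalize_prefix(advertised)
    print("prefix to advertise:", prefix)
    for line in static_records(fqdn, eui64_address(prefix, mac)):
        print(line)
```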


