Re: ip6tables rule being rejected.
Hi.
On Sun, Oct 10, 2021 at 12:06:25PM +0100, Tim Woodall wrote:
> When I try to add the following rule:
>
> # ip6tables -t nat -A POSTROUTING -s 2001::/64 -d ! 2001:1::/64 -j ACCEPT
> Bad argument `2001:1::/64'
> Try `ip6tables -h' or 'ip6tables --help' for more information.
>
> It is rejected.
As it should. This is the correct one:
ip6tables -t nat -A POSTROUTING -s 2001::/64 ! -d 2001:1::/64 -j ACCEPT
It's a known quirk of iptables - you apply inversion *before* the test,
not *inside* of it.
> And there is no problem
>
> The manpage suggests that it should work:
> -d, --destination [!] address[/mask]
My instance of the same manpage states differently:
[!] -d, --destination address[/mask][,...]
But I'm using current stable, I'm unsure how this quirk was documented
before, but it behaved this way for two major Debian releases, maybe
more.
Reco
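
An added example, not part of the original thread: a small shell helper for finding rules written in the rejected `-d ! addr` form in an existing firewall script and rewriting them to the accepted `! -d addr` form. The function names and the sample rules are constructed for illustration, and it generalizes beyond `-d` to the other address, interface and protocol matches.

```shell
#!/bin/sh
# Matches an option followed by a detached "!" (the rejected form), e.g. "-d ! 2001:1::/64".
LEGACY_RE='(^|[[:space:]])(-[sdiop]|--(source|destination|in-interface|out-interface|protocol))[[:space:]]+![[:space:]]+'

# Constructed sample rule file (not taken from the thread, apart from line 2).
sample_rules() {
cat <<'EOF'
# constructed sample rules
ip6tables -t nat -A POSTROUTING -s 2001::/64 -d ! 2001:1::/64 -j ACCEPT
ip6tables -t nat -A POSTROUTING -s 2001::/64 ! -d 2001:1::/64 -j ACCEPT
ip6tables -A FORWARD -i ! eth0 --source ! 2001:1::/64 -j DROP
# ip6tables -A INPUT -s ! 2001::/64 -j DROP
EOF
}

# Print "LINE:rule" for every non-comment line on stdin that uses the rejected form.
lint_inversion() {
    grep -nE "$LEGACY_RE" | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Move the "!" in front of the option; comment lines are left untouched.
# Caveat: a quoted argument that itself contains "-d ! " would also be rewritten,
# so review the diff before loading the result.
fix_inversion() {
    sed -E "/^[[:space:]]*#/! s/$LEGACY_RE/\\1! \\2 /g"
}

# Stand-alone demo: show offending lines, then the corrected rules.
sample_rules | lint_inversion
sample_rules | fix_inversion
```

Run the output of `fix_inversion` through `lint_inversion` again to confirm nothing in the old form remains before applying the rules.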