[Firehol-devs] IPv6 support
Phil Whineray
phil at sanewall.org
Sun Jan 12 12:50:21 GMT 2014
On Sun, Jan 12, 2014 at 11:55:47AM +0100, Andreas Unterkircher wrote:
> >Looking at your example I think I should look at making the group with
> >command keep the ipv4 decoration for the enclosed rules, and maybe add
> >group4 and group6 synonyms.
>
> I also think this would be a good idea.
> Having to prefix everything with "ipv4" or "ipv6" makes reading the
> ruleset hard.
>
> IMHO it would be create if you start a group4, everything nested is
> ipv4 only (respectively ipv6 if group6). But it could get a bit
> nasty if multiple groups are nested and you need to keep traffic of
> an "ipvX" flag.
I've created an issue to track it:
https://github.com/ktsaou/firehol/issues/18
Nesting ipv6 within ipv4 etc. is prohibited currently because it makes
very little sense. I will keep those semantics.
The possibility of nesting groups within groups adds a little more
complexity but hopefully should be manageable.
Cheers
Phil
More information about the Firehol-devs
mailing list