[Firehol-support] ipv4 action rejects ipv6 too

Nick firehol at acrasis.net
Mon Feb 4 19:35:58 GMT 2019


This is on Debian stable with firehol 3.1.1+ds-1.  I defined a toy
service 'nick' with

   # cat /etc/firehol/services/nick.conf
   #FHVER: 1:213

The service is made available to my LAN by /etc/firehol.conf,

   server nick accept \
       src4 \
       src6 2a02:8010:63a6::/64

This works.  I can start my service with netcat listening on port 4321
and verify that netcat elsewhere in my LAN can reach it.

Now I want to modify the availability by excluding one address.  So I
modify my config to add a reject preceding the accept:

    server4 nick reject src
    server nick accept \
        src4 \
        src6 2a02:8010:63a6::/64

This does prevent from reaching the service without
affecting the rest of the LAN.  However, the host that is excluded
over ipv4 is also excluded over ipv6.  Should I expect that?

