[Firehol-support] ipv4 action rejects ipv6 too
Nick
firehol at acrasis.net
Mon Feb 4 19:35:58 GMT 2019
Hi,

This is on Debian stable with firehol 3.1.1+ds-1. I defined a toy
service 'nick' with

    # cat /etc/firehol/services/nick.conf
    #FHVER: 1:213
    server_nick_ports="tcp/4321"
    client_nick_ports="default"

The service is made available to my LAN by /etc/firehol.conf,

    server nick accept \
        src4 192.168.1.0/24 \
        src6 2a02:8010:63a6::/64

This works. I can start my service with netcat listening on port 4321
and verify that netcat elsewhere in my LAN can reach it.

Now I want to modify the availability by excluding one address. So I
modify my config to add a reject preceding the accept:

    server4 nick reject src 192.168.1.69
    server nick accept \
        src4 192.168.1.0/24 \
        src6 2a02:8010:63a6::/64

This does prevent 192.168.1.69 from reaching the service without
affecting the rest of the LAN. However, the host that is excluded
over ipv4 is also excluded over ipv6. Should I expect that?

Thanks,
--
Nick