[Firehol-support] ipv4 action rejects ipv6 too [solved]

Nick firehol at acrasis.net
Tue Feb 5 21:26:36 GMT 2019

On 2019-02-04 21:58 GMT, Nick wrote:
> This does prevent from reaching the service without
> affecting the rest of the LAN.  However, the host that is excluded
> over ipv4 is also excluded over ipv6.  Should I expect that?

I think I now know what was going on and it wasn't firehol's doing, it
was user error.

It turns out that netcat by default listens on ipv4 only, which I
hadn't noticed before my firehol testing.  If I use natcat's -6
switch, it listens on both ipv4 and ipv6.  Then firehol rejects the
ipv4 connection but accepts the ipv6 connection, just as I wanted.

(In case anyone cares, this is OpenBSD netcat and more details about
-6 are at <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921446>.)


More information about the Firehol-support mailing list