Filtering IPv6 in ICMPv6 messages based on destination IP

I am trying to filter ICMPv6 type messages where my packets look something like this in the logs:

IN= OUT=tun0 SRC=2620:0107:4000:cfff:0000:0000:f200:f198 DST=fddd:1194:1194:1194:0000:0000:0000:2000 LEN=160 TC=0 HOPLIMIT=62 FLOWLBL=109562 PROTO=ICMPv6 TYPE=3 CODE=0 [SRC=fddd:1194:1194:1194:0000:0000:0000:2000 DST=2a03:2880:f11c:8183:face:b00c:0000:25de LEN=112 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=1 SEQ=1090 ]

These packets have IPv6 in the ICMPv6 layer, which has the destination address 2a03:2880:f11c:8183:face:b00c:0000:25de. I want to drop all the packets for a given destination range which includes this address, 2a03:2880:f11c:8183:face:b00c:0000:25de. But since this part of the packet is encapsulated, I can't apply the -d filter on the rule. How do I mention this layer in the ip6tables command to implement the drop?

Michael Hampton
What exactly are you trying to accomplish by such a block? You won't be able to block such IP addresses using this approach, but perhaps if you explain the full context, then we can help you find something that works.
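
An added example, not part of the original question or comment: Python that parses the kernel LOG line quoted in the question, separates the outer ICMPv6 header from the bracketed embedded header, and reports whether the embedded DST falls inside a given prefix. The prefix `2a03:2880::/32` and all function names are assumptions chosen for illustration.

```python
import ipaddress
import re

# Log line copied from the question (kernel LOG output for an ICMPv6 error).
SAMPLE = (
    "IN= OUT=tun0 SRC=2620:0107:4000:cfff:0000:0000:f200:f198 "
    "DST=fddd:1194:1194:1194:0000:0000:0000:2000 LEN=160 TC=0 HOPLIMIT=62 "
    "FLOWLBL=109562 PROTO=ICMPv6 TYPE=3 CODE=0 "
    "[SRC=fddd:1194:1194:1194:0000:0000:0000:2000 "
    "DST=2a03:2880:f11c:8183:face:b00c:0000:25de LEN=112 TC=0 HOPLIMIT=1 "
    "FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=1 SEQ=1090 ]"
)

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value; value may be empty ("IN=")


def parse_fields(text):
    """Turn the KEY=value tokens of one header into a dict."""
    return dict(FIELD.findall(text))


def split_log(line):
    """Return (outer, inner) field dicts; inner is None when the line
    carries no bracketed embedded header."""
    start = line.find("[")
    if start == -1:
        return parse_fields(line), None
    end = line.rfind("]")
    inner_text = line[start + 1:end] if end > start else line[start + 1:]
    return parse_fields(line[:start]), parse_fields(inner_text)


def embedded_dst_in(line, prefix):
    """True when the line is an ICMPv6 error (type < 128) whose embedded
    packet was addressed to a destination inside `prefix`."""
    outer, inner = split_log(line)
    if inner is None or outer.get("PROTO") != "ICMPv6":
        return False
    try:
        if int(outer["TYPE"]) >= 128:  # informational, no embedded packet
            return False
        dst = ipaddress.IPv6Address(inner["DST"])
    except (KeyError, ValueError):
        return False
    return dst in ipaddress.IPv6Network(prefix)


if __name__ == "__main__":
    # Assumed prefix for illustration; substitute the range of interest.
    print(embedded_dst_in(SAMPLE, "2a03:2880::/32"))
```
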