Hi, > * I don't see how I can create a firewall rule to allow traffic WAN -> > PFX:SFX/128 port 22,25,80,443. The dest_ip needs to be PFX:SFX/128, but > PFX is dynamic.
you can use one of the following notations to match the suffix part only while ignoring the dynamic prefix: option dest_ip ::1234:5678:abcd:ef12/::ffff:ffff:ffff:ffff or fw3's shorthand notation (slash-minus-64 to match the last 64 bit): option dest_ip ::1234:5678:abcd:ef12/-64 The former syntax also works with plain iptables. You can use masks to match any part of the ip, e.g. "0:0:0:1234::/0:0:0:ffff::" to match any IPv6 address which is exactly "1234" in the 49th to 64th bits. ~ Jo _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
