On Sat, Sep 15, 2007 at 02:54:42PM -0700, Tom Eastep wrote:
> Andrew Suffield wrote:
> > On Sat, Sep 15, 2007 at 01:10:04PM -0700, Tom Eastep wrote:
> >> iptables is iptables; ip6tables is ip6tables. The rulesets created using
> >> these two utilities are totally independent. So there is no reason to
> >> have a single product that produces both configurations.
> >
> > Urgh. So the braindamage is in netfilter itself.
> >
> > What are you supposed to do when you are running a host that's acting
> > as a router between multiple ipv4 and ipv6 networks, and want to
> > filter/nat/mangle/whatever traffic between them?
>
> It's my understanding that you use ip6tables for that and use the fact
> that the IPv4 address space is embedded within the IPv6 address space.
>
> But beware -- ip6tables does not support any form of NAT.

So if you want to deploy ipv6 in production alongside an existing ipv4
network (like, say, the internet), then you're screwed. Lovely.

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
