Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: IPv6 address block assign/associate with an interface
Special Forums IP Networking IPv6 address block assign/associate with an interface Post 302899749 by redwil on Thursday 1st of May 2014 10:17:36 AM
Old 05-01-2014
IPv6 address block assign/associate with an interface
Hello all,

I am trying to receive (tcp/udp/sctp) traffic from all IPs and, eventually, all ports of an IPv6 address block using as few sockets as possible short of implementing my own network stack.

One possible solution was to associate an IP block to an interface then bind to that interface, hence the question. I am open to other suggestions as well.

I know already that:
- it can be done by adding each IP individually to the interface via 'ip add' or in code using the IF API.
and, not necessarily regarding the question that:
- restrict bind to an interface via ioctl
- bind to ANY IP to 1 PORT

The problem with first approach is that it is not scalable.

Thanks
 

10 More Discussions You Might Find Interesting

1. Programming

validate IPV6 address in windows using c++

I know there is a function inet_tpon for unix platforms to validate ipv6 addresses.But i need an equivalent of windows.When i use this function with the header file <winsock2.h> the visual studio 2005 on win2003 issues an error saying identifier not found :confused: (3 Replies)
Discussion started by: guru13
3 Replies

2. Solaris

How to assign MAC address to N/W interface in solaris

I m having interface ce0 ce1 and its sub interfaces for that. I want to give MAC addresses for the same. How will I assign it. Please give solution for the same (4 Replies)
Discussion started by: sunray
4 Replies

3. IP Networking

assign mac address for virtual interface eth1:0

Hi , by default the physical interface (eth1) and virtual interface eth1:0 will be having same mac address, is there any way we can assign separate mac addresses for both the interfaces. would some one help me out in this. Thanks Gopi (1 Reply)
Discussion started by: Gopi Krishna P
1 Replies

4. Solaris

IPMP + IPv6 test address

Hi, inspired by this article, I decided to implement IPMP + IPv6 in Solaris 10. It worked for me only this way: 1. Setup # cat /etc/hostname* 10.23.10.113/24 broadcast + group data failover up <- hostname.e1000g0 0.0.0.0/24 broadcast + group data -failover deprecated up standby... (3 Replies)
Discussion started by: masloff
3 Replies

5. Solaris

Solaris 19 10/09 ipv6 interface configuration

Hi, anyone has had experience in a static setting an IPv6 interface?, I'm trying accordance with the admin guide (ipv6 network configuration tasks), configure one interface in the server, actually i can do ping to my default gateway and access the Internet in IPv6, the specific point is however,... (3 Replies)
Discussion started by: pabloluja
3 Replies

6. BSD

Link Local IPv6 Address

Hi, Am using FreeBSD7.4/i386 During IPv6 configuration, I added the following in rc.conf as Restarted IPv6 network using /etc/rc.d/network_ipv6 restart.. My problem is I need to set link local IPv6 address auto-configured.. Is my proceeding right?? I feel something missing to make... (0 Replies)
Discussion started by: Priya Amaresh
0 Replies

7. Shell Programming and Scripting

How to extract IPv6 address from string?

Hi All, Would anyone know how to modify the below, so only the IPv6 address (red) is printed, please? (in other words, what's between inet6 and the / sign) ipv6=`/sbin/ifconfig lo0:5 inet6 | grep 'inet6'` print $ipv6 Currently the output of the above script is: inet6... (7 Replies)
Discussion started by: chatguy
7 Replies

8. UNIX for Advanced & Expert Users

C program to detect duplicate ip address if any after assigning ip address to ethernet interface

Hi , Could someone let me know how to detect duplicate ip address after assigning ip address to ethernet interface using c program (3 Replies)
Discussion started by: Gopi Krishna P
3 Replies

9. UNIX for Dummies Questions & Answers

Assigning ipv6 to bonding interface - getting old as well as changed ipv6 in ifconfig output

Hi, I have created a bonding bond1 interface with 6 Eth , mode=4. Recently i have changed my old ipv6 to new one and tried to restart as well as reload network service. Post which i can see old as well as changed ipv6 in ifconfig command output. Below are few files and command output for your... (1 Reply)
Discussion started by: omkar.jadhav
1 Replies

10. Solaris

How to assign IPv4 and IPv6 addresses with same interface?

Hello dears how to assign IPv4 and IPv6 addresses with same interface on solaris 10 (1 Reply)
Discussion started by: ttashman
1 Replies

LEARN ABOUT CENTOS

firewalld.zone

FIREWALLD.ZONE(5)						  firewalld.zone						 FIREWALLD.ZONE(5)

NAME

       firewalld.zone - firewalld zone configuration files

SYNOPSIS

       /etc/firewalld/zones/zone.xml
       /usr/lib/firewalld/zones/zone.xml

DESCRIPTION

       A firewalld zone configuration file contains the information for a zone. These are the zone description, services, ports, icmp-blocks,
       masquerade, forward-ports and rich language rules in an XML file format. The file name has to be zone_name.xml where length of zone_name is
       currently limited to 17 chars.

       This is the structure of a zone configuration file:

	   <?xml version="1.0" encoding="utf-8"?>
	   <zone [version="versionstring"] [target="ACCEPT|%%REJECT%%|DROP"]>
	     [ <short>short description</short> ]
	     [ <description>description</description> ]
	     [ <interface name="string"/> ]
	     [ <source address="address[/mask]"/> ]
	     [ <service name="string"/> ]
	     [ <port port="portid[-portid]" protocol="tcp|udp"/> ]
	     [ <icmp-block name="string"/> ]
	     [ <masquerade/> ]
	     [ <forward-port port="portid[-portid]" protocol="tcp|udp" [to-port="portid[-portid]"] [to-addr="ipv4address"]/> ]
	     [
	       <rule [family="ipv4|ipv6"]>
	       [ <source address="address[/mask]" [invert="bool"]/> ]
	       [ <destination address="address[/mask]" [invert="bool"]/> ]
	       [
		 <service name="string"/> |
		 <port port="portid[-portid]" protocol="tcp|udp"/> |
		 <protocol value="protocol"/> |
		 <icmp-block name="icmptype"/> |
		 <masquerade/> |
		 <forward-port port="portid[-portid]" protocol="tcp|udp" [to-port="portid[-portid]"] [to-addr="address"]/>
	       ]
	       [ <log [prefix="prefixtext"] [level="emerg|alert|crit|err|warn|notice|info|debug"]/> [<limit value="rate/duration"/>] </log> ]
	       [ <audit> [<limit value="rate/duration"/>] </audit> ]
	       [ <accept/> | <reject [type="rejecttype"]/> | <drop/> ]
	       </rule>
	     ]
	   </zone>

       The config can contain these tags and attributes. Some of them are mandatory, others optional.

   zone
       The mandatory zone start and end tag defines the zone. This tag can only be used once in a zone configuration file. There are optional
       attributes for zones:

       version="string"
	   To give the zone a version.

       target="ACCEPT|%%REJECT%%|DROP"
	   Can be used to accept, reject or drop every packet. The ACCEPT target is used in the trusted zone, every packet will be accepted. The
	   %%REJECT%% target is used in the block zone, every packet will be rejected with the default firewalld reject type. The DROP target is
	   used in the drop zone, every packet will be dropped. The default target is {chain}_ZONE_{zone} and will be used if the target is not
	   specified. If other than the default target is used, all settings except interface and source are ignored, because the first rule
	   created in firewall for this zone is 'jump to target'.

   short
       Is an optional start and end tag and is used to give a zone a more readable name.

   description
       Is an optional start and end tag to have a description for a zone.

   interface
       Is an optional empty-element tag and can be used several times. It can be used to bind an interface to a zone. An interface entry has
       exactly one attribute:

       name="string"
	   The name of the interface to be bound to the zone.

   source
       Is an optional empty-element tag and can be used several times. It can be used to bind a source address or source address range to a zone.
       A source entry has exactly one attribute:

       address="address[/mask]"
	   The source to be bound to the zone. The source is either an IP address or a network IP address with a mask for IPv4 or IPv6. The
	   network family (IPv4/IPv6) will be automatically discovered. For IPv4, the mask can be a network mask or a plain number. For IPv6 the
	   mask is a plain number. The use of host names is not supported.

   service
       Is an optional empty-element tag and can be used several times to have more than one service entry enabled. A service entry has exactly one
       attribute:

       name="string"
	   The name of the service to be enabled. To get a list of valid service names firewall-cmd --list=services can be used.

   port
       Is an optional empty-element tag and can be used several times to have more than one port entry. All attributes of a port entry are
       mandatory:

       port="portid[-portid]"
	   The port can either be a single port number portid or a port range portid-portid.

       protocol="tcp|udp"
	   The protocol can either be tcp or udp.

   icmp-block
       Is an optional empty-element tag and can be used several times to have more than one icmp-block entry. Each icmp-block tag has exactly one
       mandatory attribute:

       name="string"
	   The name of the Internet Control Message Protocol (ICMP) type to be blocked. To get a list of valid ICMP types firewall-cmd
	   --list=icmptypes can be used.

   masquerade
       Is an optional empty-element tag. It can be used only once in a zone configuration and is not usable for IPv6. If it's present masquerading
       is enabled for the zone. If you want to enable masquerading, you should enable it in the zone bound to the external interface.

   forward-port
       Is an optional empty-element tag and can be used several times to have more than one port or packet forward entry. This is for IPv4 only.
       Use rich language rules for IPv6. There are mandatory and also optional attributes for forward ports:

       Mandatory attributes:
	   The local port and protocol to be forwarded.

	   port="portid[-portid]"
	       The port can either be a single port number portid or a port range portid-portid.

	   protocol="tcp|udp"
	       The protocol can either be tcp or udp.

       Optional attributes:
	   The destination of the forward. For local forwarding add to-port only. For remote forwarding add to-addr and use to-port optionally if
	   the destination port on the destination machine should be different.

	   to-port="portid[-portid]"
	       The destination port or port range to forward to. If omitted, the value of the port= attribute will be used altogether with the
	       to-addr attribute.

	   to-addr="address"
	       The destination IPv4 IP address.

   rule
       Is an optional element tag and can be used several times to have more than one rich language rule entry.

       The general rule structure:

	   <rule [family="ipv4|ipv6"]/>
	     [ <source address="address[/mask]" [invert="bool"]/> ]
	     [ <destination address="address[/mask]" [invert="bool"]/> ]
	     [
	       <service name="string"/> |
	       <port port="portid[-portid]" protocol="tcp|udp"/> |
	       <protocol value="protocol"/> |
	       <icmp-block name="icmptype"/> |
	       <masquerade/> |
	       <forward-port port="portid[-portid]" protocol="tcp|udp" [to-port="portid[-portid]"] [to-addr="address"]/>
	     ]
	     [ <log [prefix="prefixtext"] [level="emerg|alert|crit|err|warn|notice|info|debug"]/> [<limit value="rate/duration"/>] </log> ]
	     [ <audit> [<limit value="rate/duration"/>] </audit> ]
	     [ <accept/> | <reject [type="rejecttype"]/> | <drop/> ]
	   </rule>

       Rule structure for source black or white listing:

	   <rule [family="ipv4|ipv6"]/>
	     <source address="address[/mask]" [family="bool"]/>
	     [ <log [prefix="prefixtext"] [level="emerg|alert|crit|err|warn|notice|info|debug"]/> [<limit value="rate/duration"/>] </log> ]
	     [ <audit> [<limit value="rate/duration"/>] </audit> ]
	     <accept/> | <reject [type="rejecttype"]/> | <drop/>
	   </rule>

       For a full description on rich language rules, please have a look at firewalld.richlanguage(5).

SEE ALSO

       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES

       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS

       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.9 														 FIREWALLD.ZONE(5)
All times are GMT -4. The time now is 07:28 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy