On Sat, 6 Jun 2009 08:27:54 +0200
Max Kellermann <m...@duempel.org> wrote:
> On 2009/06/06 05:04, Simon Kjikàqawej Côté <simon.ra...@gmail.com>
> wrote:
> > ferm:
> > chain ftp_whitelist {
> > saddr ($WL_HOSTS) mod recent remove name FTP rsource
> > ACCEPT; }
> >
> > iptables-save:
> > -A ftp_whitelist --source ::1/128 --match recent --remove --name
> > FTP --rsource --jump ACCEPT -A ftp_whitelist --source
> > 192.168.1.1/24 --match recent --remove --name FTP --rsource --jump
> > ACCEPT -A ftp_whitelist --source fe80::208:c7ff:febb:7df8/64
> > --match recent --remove --name FTP --rsource --jump ACCEPT
> >
> > Why would it insert that?
>
> You forgot to paste the definition of $WL_HOSTS. Probably it contains
> these three addresses, two of them IPv6 and one IPv4. ferm does not
> evaluate or care about the nature of these values, it just forwards
> your input to iptables(-restore), and it won't sort out address
> families which are not valid in the current domain.
No, they don't, at all. nothing IPv6 is mentioned there.
I've triple-checked the backticks used, and I don't see how they'd get
an IPv6 addie:
`ip addr sh $DEV_NET | awk '/inet/ {print $2}'`
is one of them.
> > Maybe I'm reading into your question too much, be it seemed to me
> > you took it personally that I filed a bug on this. It isn't ;).
>
> No. I'm just trying to analyze your problem.
OK, good :).
--
"A mouse is a device used to point at the xterm you want to type in"
-- A.S.R.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
