On Sat, 6 Jun 2009 08:27:54 +0200 Max Kellermann <m...@duempel.org> wrote:
> On 2009/06/06 05:04, Simon Kjikàqawej Côté <simon.ra...@gmail.com> > wrote: > > ferm: > > chain ftp_whitelist { > > saddr ($WL_HOSTS) mod recent remove name FTP rsource > > ACCEPT; } > > > > iptables-save: > > -A ftp_whitelist --source ::1/128 --match recent --remove --name > > FTP --rsource --jump ACCEPT -A ftp_whitelist --source > > 192.168.1.1/24 --match recent --remove --name FTP --rsource --jump > > ACCEPT -A ftp_whitelist --source fe80::208:c7ff:febb:7df8/64 > > --match recent --remove --name FTP --rsource --jump ACCEPT > > > > Why would it insert that? > > You forgot to paste the definition of $WL_HOSTS. Probably it contains > these three addresses, two of them IPv6 and one IPv4. ferm does not > evaluate or care about the nature of these values, it just forwards > your input to iptables(-restore), and it won't sort out address > families which are not valid in the current domain. No, they don't, at all. nothing IPv6 is mentioned there. I've triple-checked the backticks used, and I don't see how they'd get an IPv6 addie: `ip addr sh $DEV_NET | awk '/inet/ {print $2}'` is one of them. > > Maybe I'm reading into your question too much, be it seemed to me > > you took it personally that I filed a bug on this. It isn't ;). > > No. I'm just trying to analyze your problem. OK, good :). -- "A mouse is a device used to point at the xterm you want to type in" -- A.S.R. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org