On Feb 1, 2011, at 11:00 PM, Paul de Weerd wrote: > On Tue, Feb 01, 2011 at 10:51:00PM -0800, Brian Keefer wrote: > | 4.9 GENERIC#626 i386 > | > | I write a rule that says this: > | pass in on $ext_if inet6 proto ipv6-icmp from any to 2620:0100:900f:c9::/56 > | > | and pfctl shows this: > | pass in on em2 inet6 proto ipv6-icmp from any to 2620:100:900f::/56 keep > | state > | > | Maybe I'm crazy, but it seems 2620:100:900f:: would be /48 (assuming > | everything to the right is dynamic, no assumed zeros), and my original rule > | seems to have 56 bits to the left, unless I'm bad at counting, which is > | entirely possible. > | > | Is this a bug? > > No, you're bad at counting. "c9" is an 8 bit value, represented as a > 16-bit value you'd get "00c9". So the IPv6 network you're really using > is 2620:0100:900f:00c9:0000:0000:0000:0000/56 .. which is the same as > 2620:0100:900f:00__:____:____:____:____/56 (with random hexadecimal > numbers in the place of all those _'s). > > Either you meant 2620:0100:900f:c900::/56 or you really want to use > 2620:0100:900f:c9::/64. > > Paul 'WEiRD' de Weerd > > -- >> ++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ > +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] > http://www.weirdnet.nl/
I looked the first two sentences and got it. Sigh. Thanks for the fast response. -- bk
