On 6/8/20 1:04 PM, PGNet Dev wrote:
> i've set
>
> /init
> DYN_IP=$( dig A dyn.example.com @1.1.1.1 +short 2>/dev/null )
>
> then use
>
> %{DYN_IP}
>
> in my SW configs, e.g. in /rules.
>
> if I want to add a fallback value, what's the correct syntax/usage?
>
> in
i've set
/init
DYN_IP=$( dig A dyn.example.com @1.1.1.1 +short 2>/dev/null )
then use
%{DYN_IP}
in my SW configs, e.g. in /rules.
if I want to add a fallback value, what's the correct syntax/usage?
in fool_sm config, e.g., I use the form
On 6/8/20 10:32 AM, Tom Eastep wrote:
> Why not assign this host a static IP address via DHCP? That's what I do
> with my local systems.
hm... not sure I follow.
the 'local' box does get its external IPv4 address from the ISP.
( technically, it's actually getting it from the modem, configured
On 6/7/20 3:21 PM, PGNet Dev wrote:
> On 6/7/20 1:47 PM, Tom Eastep wrote:
>> Yes. As a general rule, address variables can be used anywhere that a
>> host IP address can be used, unless documented otherwise.
>
> great, thx.
>
> that takes care of the 'local' shorewall instance's tracking etc of
On 6/8/20 10:16 AM, Tom Eastep wrote:
> As shipped, shorewall6.conf includes 'AllowICMPs' in the
> BLACKLIST_DEFAULT, DROP_DEFAULT, and REJECT_DEFAULT settings. The
> AllowICMPs action accepts all ICMP6 packet types required by RFC 4890.
it that's sufficient, then I'm good.
atm, my
On 6/8/20 8:58 AM, PGNet Dev wrote:
> On 6/8/20 8:13 AM, Simon Hobson wrote:
>> I am really not an expert in IPv6 :-(
>
> heh. is _anyone_? much voudou req'd! ;-)
>
>> will drop it AND send back an ICMP6 PTB (Packet Too Big) message to the
>> source - thus explicitly telling the source to use
On 6/8/20 8:13 AM, Simon Hobson wrote:
> I am really not an expert in IPv6 :-(
heh. is _anyone_? much voudou req'd! ;-)
> will drop it AND send back an ICMP6 PTB (Packet Too Big) message to the
> source - thus explicitly telling the source to use smaller packets for that
> flow. If the PTB
PGNet Dev wrote:
> checking link mtus on my
>
> local,
>
> ifconfig | grep mtu
> enp2s0: flags=4163 mtu 1500
> enp3s0: flags=4163 mtu 1500
> lo: flags=73 mtu 65536
> wg0: flags=209 mtu 1420
>
> & remote boxes
>
>
i've setup dualstack IPv4 & IPv6 across my lan.
IPv4 via my local ISP's gateway; IPv6 over a wireguard VPN link through a cloud
VM, using native IPv6.
shorewall(6)-lite is is place on all boxes.
afaict so far, all IPv6 traffic flows -- at least, I've had no widespread
issues browsing ...