Edgar Fuß
2017-04-06 11:54:47 UTC
I learned that traditional behaviour is that talking to yourself on any IP(v4)
address gets redirected via loopback.
I then learned that this seems not to hold for IPv6.
Why does it matter? I have anti-spoofing ipf rules that, for each interface
except lo0, reject incoming packets that pretend to originate form me.
Now, ping-ing ypurself via IPv6 (on a non-loopback address) doesn't work.
For anything but ICMP echo, it doesn't matter because packets are passed out
with ``keep state'', but unfortunately, ``keep state'' rules on ICMP (both v4
and v6) tend to make packets disappear probably due to some obscure ipf bug.
Is it on purpose that IPv4 and IPv6 behave differently in this respect?
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
address gets redirected via loopback.
I then learned that this seems not to hold for IPv6.
Why does it matter? I have anti-spoofing ipf rules that, for each interface
except lo0, reject incoming packets that pretend to originate form me.
Now, ping-ing ypurself via IPv6 (on a non-loopback address) doesn't work.
For anything but ICMP echo, it doesn't matter because packets are passed out
with ``keep state'', but unfortunately, ``keep state'' rules on ICMP (both v4
and v6) tend to make packets disappear probably due to some obscure ipf bug.
Is it on purpose that IPv4 and IPv6 behave differently in this respect?
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de