From e6d64b676e9da834e9b0f6243a01e4362202b840 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sun, 11 Mar 2012 16:30:08 +0000 Subject: [PATCH] bookends.m4: Optimize checking for forwarding IPv6 link-local multicast. Apply a coarse filter to detect all multicast, and dispatch to a finer-grained one to detect link-local multicast addresses. This would be much easier if the flags and scope fields were the other way around. Also fix it to use the correct address range. --- bookends.m4 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bookends.m4 b/bookends.m4 index 6faa91b..a0731d2 100644 --- a/bookends.m4 +++ b/bookends.m4 @@ -211,10 +211,12 @@ case $forward in -m addrtype --dst-type BROADCAST run iptables -A FORWARD -g bad-destination-address \ -d 224.0.0.0/24 + clearchain check-fwd-multi for x in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do - run ip6tables -A FORWARD -g bad-destination-address \ - -d fe${x}2::/16 + run ip6tables -A check-fwd-multi -g bad-destination-address \ + -d ff${x}2::/16 done + ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8 ;; esac -- 2.11.0