10.10.21, 13:06 +0200, Tim Woodall:
> When I try to add the following rule:
> # ip6tables -t nat -A POSTROUTING -s 2001::/64 -d ! 2001:1::/64 -j ACCEPT
> Bad argument `2001:1::/64'
> Try `ip6tables -h' or 'ip6tables --help' for more information.
> It is rejected. (Ignore the fact that this rule doesn't make a huge
> amount of sense, it's a very cut down instance of the rule that I'm
> really trying to add)
> Leaving off the exclusion:
> # ip6tables -t nat -A POSTROUTING -s 2001::/64 -d 2001:1::/64 -j ACCEPT
> #
> And there is no problem
> The manpage suggests that it should work:
> -d, --destination [!] address[/mask]
> Destination specification. See the description of the -s (source)
> flag for a detailed description of the syntax. The flag --dst is an
> alias for this option.

The man page I see on bullseye suggests otherwise:
[!] -d, --destination address[/mask][,...]
Destination specification. See the description of the -s
(source) flag for a detailed description of the syntax. The flag --dst is
an alias for this option.
i.e. putting the '!' left of the '-d' works:
# ip6tables -t nat -A POSTROUTING -s 2001::/64 ! -d 2001:1::/64 -j ACCEPT
Granted, the explanation in the man page for "!" under "--source" seems
a bit ambiguous to me:
[!] -s, --source address[/mask][,...]
[...]
A "!" argument before the address specification inverts the
sense of the address.
The start of the paragraph shows where the "!" belongs, though.
--
Regards
mks
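
For rule scripts still written in the older ordering, the following added example (not part of the original message and not part of iptables) rewrites `-s ! ADDR` / `-d ! ADDR` into the `! -s ADDR` / `! -d ADDR` ordering that works in the message above. The function names `fix_negation_stream` and `fix_negation` are hypothetical, and the script assumes whitespace-separated tokens with no quoted strings containing spaces.

```shell
#!/bin/sh
# Added example: move a legacy "-s ! ADDR" / "-d ! ADDR" negation in front of
# the option. Pure text rewriting; it never calls ip6tables.
# Assumption: tokens are separated by whitespace only (no quoted strings that
# contain spaces, such as --comment "a b").

# fix_negation_stream: rule lines on stdin, corrected lines on stdout.
# Lines that need no change are printed exactly as they came in.
fix_negation_stream() {
    awk '
    function is_addr_opt(t) {
        return t == "-s" || t == "--source" || t == "--src" ||
               t == "-d" || t == "--destination" || t == "--dst"
    }
    {
        out = ""; changed = 0
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (is_addr_opt($i) && i < NF && $(i + 1) == "!") {
                tok = "! " $i   # swap the pair: option, "!" -> "!", option
                i++             # the "!" has been consumed
                changed = 1
            }
            out = (out == "" ? "" : out " ") tok
        }
        print (changed ? out : $0)
    }'
}

# fix_negation RULE... : same rewrite for a rule passed as arguments.
fix_negation() {
    printf '%s\n' "$*" | fix_negation_stream
}

# Constructed sample input: the rule from the message in both orderings.
fix_negation_stream <<'EOF'
ip6tables -t nat -A POSTROUTING -s 2001::/64 -d ! 2001:1::/64 -j ACCEPT
ip6tables -t nat -A POSTROUTING -s 2001::/64 ! -d 2001:1::/64 -j ACCEPT
EOF
```

Review the rewritten rules before loading them, since the script only reorders tokens and does not validate addresses or other options.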