OK. But there is no way to match on the outer IPv4 addresses, is there?

Christopher

On Fri, 7 Jun 2013 20:34:12 +0200 Loïc BLOT <loic.b...@unix-experience.fr> wrote:

> I think:
> pass in on enc0 proto ipv6-icmp
>
>
> Loic Blot
>
> On 7 June 2013 at 19:29, Christopher Zimmermann <madro...@gmerlin.de>
> wrote:
>
> > Hi,
> >
> > simple problem: how do I allow this package to pass?
> >
> > 18:59:44.768197 rule 0/(match) [uid 0, pid 1051] block in on enc0:
> > 172.26.153.7 > 172.26.153.1: 2001:4dd0:fbdf:0:f8b8:dafc:cff0:ae3b
> > > 2a00:1450:4001:808::101f: [|icmp6] (len 16, hlim 255) (ttl 64, id
> > 2105, len 76)
> >
> > Christopher