Are there any plans to allow matching 6to4/Teredo IPv6 packets against IPv4
rules (or at least ipsets)? Recently I have a server that's been under
constant DDoS from China, and I found that when I use ipsets to drop
everything from China, some continue to hammer my server over 6to4 and/or
Teredo. So I just figured I'd throw the idea out there in case it hasn't
occurred to anyone yet. ;)
Hi,
On Tue, 14 Dec 2010, Luke-Jr wrote:
> Are there any plans to allow matching 6to4/Teredo IPv6 packets against IPv4
> rules (or at least ipsets)? Recently I have a server that's been under
> constant DDoS from China, and I found that when I use ipsets to drop
> everything from China, some continue to hammer my server over 6to4 and/or
> Teredo. So I just figured I'd throw the idea out there in case it hasn't
> occurred to anyone yet. ;)
ipset 5 is about to be released in this week, with both IPv4 and IPv6
support. But feeding the sets with the proper addresses/networks is left
to the users :-).
Best regards,
Jozsef
-
E-mail : [email protected], [email protected]
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary