ip6tables将不接受-d目的地，但iptables将接受

Question

我试图允许IPv6地址连接到服务器上的某个IP，而不是其他IP。下面的内容不适用于ip6tables，但它只适用于普通的iptables。但是，当我从-d xx.xx.xx.77命令中删除ip6tables时，它将工作，这将允许这个ip6地址连接到我不想要的盒子上的任何IP。

ip6tables -I INPUT -d xx.xx.xx.77 -i enp2s0f0 -p tcp -m multiport --dports http,https -s 2400:cb00::/32 -j ACCEPT
ip6tables v1.6.0: host/network `xx.xx.xx.77' not found

man ip6tables为-d和-s展示了以下内容：

   [!] -s, --source address[/mask][,...]
          Source  specification.  Address  can  be  either a network name, a hostname, a network IP address (with /mask), or a plain IP address. Hostnames will be resolved once only, before the rule is submitted to the kernel.  Please note that
          specifying any name to be resolved with a remote query such as DNS is a really bad idea.  The mask can be either an ipv4 network mask (for iptables) or a plain number, specifying the number of 1's at the left side of the network mask.
          Thus, an iptables mask of 24 is equivalent to 255.255.255.0.  A "!" argument before the address specification inverts the sense of the address. The flag --src is an alias for this option.  Multiple addresses can be specified, but this
          will expand to multiple rules (when adding with -A), or will cause multiple rules to be deleted (with -D).

   [!] -d, --destination address[/mask][,...]
          Destination specification.  See the description of the -s (source) flag for a detailed description of the syntax.  The flag --dst is an alias for this option.

Answer 1

IPv6无法连接到IPv4。在ip6tables中，一切都需要ipv6