Bug#333365: kernel-image-2.6.8-2-686-smp: ip6table causes kernel to drop all ipv6 traffic after a while
reassign 333365 kernel-source-2.6.8-2
thanks
On Tue, Oct 11, 2005 at 05:15:48PM +0200, Benoit Panizzon wrote:
> Package: kernel-image-2.6.8-2-686-smp
> Version: 2.6.8-16
> Severity: important
>
>
> Hello
>
> Just had a few problems I cannot explain except as a kernel bug:
>
> I would have to secure a box in such a way that it is not accessible from unallowed networks.
>
> So this is my code:
>
> iptables -P INPUT DROP
> ip6tables -P INPUT DROP
> #-----------------------------------------------
> # IPv4 stateful
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -s 157.161.4.0/24 -j ACCEPT
> iptables -A INPUT -p tcp --destination-port http -j ACCEPT
> iptables -A INPUT -p tcp --destination-port nsca -j ACCEPT
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> #-----------------------------------------------
> # IPv6 (not stateful)
> ip6tables -A INPUT -i lo -j ACCEPT
> ip6tables -A INPUT -s 2001:4060:1:4133::/64 -j ACCEPT
> ip6tables -A INPUT -p tcp --destination-port http -j ACCEPT
> ip6tables -A INPUT -p tcp ! --syn -j ACCEPT
>
>
> After this code everything is fine for about 10 minutes (from within 2001:4060:1:4133::/64).
> And then, suddenly the machine is not reachable via IPv6 anymore.
>
> ip6tables -F and reloading the rules solves the problem for the next 10 minutes or so...
>
> Any idea?
That does sound a lot like a kernel bug to me too.
Could you please test the 2.6.12-2.99.sarge1 backport to sarge to see
if it has been resolved upstream between 2.6.8 and 2.6.12?
http://packages.vergenet.net/testing/linux-2.6/
--
Horms