Re: ip6tables (was Re: Disable IPv6 - here is help)

[Andre Vanha <andre@askitservices.com>]

Lionel Elie Mamane wrote:

> On Wed, Sep 07, 2005 at 07:22:19PM +1200, Lee Begg wrote:
>  
>
> > On Wed, 07 Sep 2005 17:35, michael@etalon.net wrote:
> >    
>
>  
>
> > > For example:
> > > If you used iptables to block all sorts of ports, but you still had
> > > ipv6 enabled on a nic, could those ports still be accessed via an ipv6
> > > travelling packet?
> > >      
>
>  
>
> > Yes, but only if you have a "real" ipv6 address on that nic (ie,
> > site or global address).  To block the ports for ipv6, use the same
> > commands using ip6tables instead of iptables - it should be that
> > easy.
> >    
>
> Should, but isn't. There's no stateful filtering yet.
>
>  
True, I was hoping to see it in the 6.13 kernel, but it still isn't 
there yet.  Does anyone have any idea when it might get put in?  I've 
researched it, and it appears that there is an effort to rewrite the 
stateful filtering framework to make it more modular so the same code 
could be used for IPv4, IPv6 and other protocols. 
I think that's great, but IPv6 has been around for a long time now, and 
anything, even a temporary port of the IPv4 code would be better than 
nothing.

Andre