Re: ip6tables and connection tracking

To: Debian IPv6 Mailing List <debian-ipv6@lists.debian.org>
Cc: "Laurence J. Lane" <ljlane@debian.org>
Subject: Re: ip6tables and connection tracking
From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
Date: Wed, 19 May 2004 16:24:48 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.58.0405191621570.3846@trider-g7.ext.fabbione.net>
In-reply-to: <[🔎] Pine.LNX.4.58.0405191327220.3846@trider-g7.ext.fabbione.net>
References: <[🔎] Pine.LNX.4.58.0405191327220.3846@trider-g7.ext.fabbione.net>

Hi again,

On Wed, 19 May 2004, Fabio Massimo Di Nitto wrote:

> There is already a known issue! Check it here:
> http://www.linux-ipv6.org/ml/usagi-users/msg02952.html

I just exchanged a few mails with the Usagi guys. They explain to me that
it is not a issue but an error in the way i was configuring the firewall.

Here is a more complete example that will make everything working:

#! /bin/sh

CMD=/sbin/ip6tables

$CMD -F INPUT

$CMD -P INPUT DROP
$CMD -A INPUT -j ACCEPT -p tcp --destination-port 22
$CMD -A INPUT -j ACCEPT -d f000::/4
$CMD -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED

As you can see the important entry is the 4 one:

-A INPUT -j ACCEPT -d f000::/4

since multicast is not tracked and needs to be allowed explicitly.

Enjoy
Fabio

-- 
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.

Reply to:

References:
- ip6tables and connection tracking
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>

Prev by Date: Re: ip6tables and connection tracking
Next by Date: www.Tip Top Job.com, the International Job Portal
Previous by thread: Re: ip6tables and connection tracking
Next by thread: Re: ip6tables and connection tracking
Index(es):
- Date
- Thread