回覆: Re: Ipv6 firewall in Sarge - iptabl e?=
Dear Dominic :
What do you means for "stateful filtering" ?
In my case, I am using radvd to autoconfigure the
Global Ipv6 address to other hosts.
Autoconfigure by radvd are not statefull Ip address
assignment in Ipv6. For my understanding , only DHCP6
is statefull assignment for Ipv6 address.
So, for my case , should it be good enough to use
Iptable6 ?
I am confusing with the meaning on "stateful" between
IP address assignment and stateful firewall .
May be they are not related ( two different things).
Please help me to understand this two things if you
may help.
Thanks,
K. M. Lau
--- Dominic Hargreaves <dom@earth.li> 說:
> On Mon, Oct 24, 2005 at 05:32:15PM +0800,
> kmlhk79-ipv6@yahoo.com.hk wrote:
>
> > I had running iptable on the tunnel gateway PC
> for
> > Ipv4. It give protection for Ipv4 network not
> Ipv6.
> >
> > So, I need to set up a Ipv6 firewall in the Tunnel
> > Gatway PC.
> >
> > Here is my questions :
> >
> > 1. Does the Debian Sarge Iptable also work for
> Ipv6 ?
>
> You need to use the separate ip6tables package.
>
> > 2. I it does, what command line I need to add in
> to
> > the script file for my case ?
>
> You'll probably need different rules depending on
> how your iptables is
> set up, since ip6tables (at least without patching)
> does not yet support
> stateful filtering. You'll also obviously want to
> use the IP6 addresses
> in your script rather than the IPv4 ones.
>
> > 3. Can I add Ipv6 firewall rules into the same
> Iptable
> > script file which is working for Ipv4 currently ?
>
> If you've just used a hand-built shell script
> there's no reason this
> wouldn't work.
>
> Cheers,
>
> --
> Dominic Hargreaves | http://www.larted.org.uk/~dom/
> PGP key 5178E2A5 from the.earth.li
> (keyserver,web,email)
>
>
> --
> To UNSUBSCRIBE, email to
> debian-ipv6-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
_______________________________________
想即時收到新 email 通知?
下載 Yahoo! Messenger http://messenger.yahoo.com.hk
Reply to: