回覆： Re: Ipv6 firewall in Sarge - iptabl e?=

To: Dominic Hargreaves <dom@earth.li>, debian-ipv6@lists.debian.org
Subject: 回覆： Re: Ipv6 firewall in Sarge - iptabl e?=
From: <kmlhk79-ipv6@yahoo.com.hk>
Date: Fri, 28 Oct 2005 16:52:25 +0800 (CST)
Message-id: <20051028085225.35033.qmail@web33115.mail.mud.yahoo.com>
Reply-to: kmlhk79-ipv6@yahoo.com.hk
In-reply-to: <20051024094338.GK28892@urchin.earth.li>

Dear Dominic :

What do you means for "stateful filtering" ?

In my case, I am using radvd to autoconfigure the
Global Ipv6 address to other hosts.

Autoconfigure by radvd are not statefull Ip address
assignment in Ipv6. For my understanding , only DHCP6
is statefull assignment for Ipv6 address. 

So, for my case , should it be good enough to use
Iptable6  ?

I am confusing with the meaning on "stateful" between
IP address assignment and stateful firewall . 

May be they are not related ( two different things).

Please help me to understand this two things  if you
may help.

Thanks,
K. M. Lau

--- Dominic Hargreaves <dom@earth.li> 說：

> On Mon, Oct 24, 2005 at 05:32:15PM +0800,
> kmlhk79-ipv6@yahoo.com.hk wrote:
> 
> > I had running iptable on the tunnel gateway PC 
> for
> > Ipv4. It give protection for Ipv4 network not
> Ipv6.
> > 
> > So, I need to set up a Ipv6 firewall in the Tunnel
> > Gatway PC.
> > 
> > Here is my questions :
> > 
> > 1. Does the Debian Sarge Iptable also work for
> Ipv6 ?
> 
> You need to use the separate ip6tables package.
> 
> > 2. I it does, what command line I need to add in
> to
> > the script file for my case ? 
> 
> You'll probably need different rules depending on
> how your iptables is
> set up, since ip6tables (at least without patching)
> does not yet support
> stateful filtering. You'll also obviously want to
> use the IP6 addresses
> in your script rather than the IPv4 ones.
> 
> > 3. Can I add Ipv6 firewall rules into the same
> Iptable
> > script file which is working for Ipv4 currently ?
> 
> If you've just used a hand-built shell script
> there's no reason this
> wouldn't work.
> 
> Cheers,
> 
> -- 
> Dominic Hargreaves | http://www.larted.org.uk/~dom/
> PGP key 5178E2A5 from the.earth.li
> (keyserver,web,email)
> 
> 
> -- 
> To UNSUBSCRIBE, email to
> debian-ipv6-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 

_______________________________________
 想即時收到新 email 通知？
 下載 Yahoo! Messenger http://messenger.yahoo.com.hk

Reply to:

Follow-Ups:
- Re: 回覆： Re: Ipv6 firewall in Sarge - iptabl e?=
  - From: Wouter Verhelst <wouter@debian.org>

Prev by Date: 回覆： Re: Ipv6 firewall in Sarge - iptabl e?=
Next by Date: Re: 回覆： Re: Ipv6 firewall in Sarge - iptabl e?=
Previous by thread: 回覆： Re: Ipv6 firewall in Sarge - iptabl e?=
Next by thread: Re: 回覆： Re: Ipv6 firewall in Sarge - iptabl e?=
Index(es):
- Date
- Thread