Bug#333365: kernel-image-2.6.8-2-686-smp: ip6table causes kernel to drop all ipv6 traffic after a while
Package: kernel-image-2.6.8-2-686-smp
Version: 2.6.8-16
Severity: important
Hello
I just had a few problems that I cannot explain except as a kernel bug:
I have to secure a box in such a way that it is not accessible from disallowed networks.
So this is my code:
iptables -P INPUT DROP
ip6tables -P INPUT DROP
#-----------------------------------------------
# IPv4 stateful
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 157.161.4.0/24 -j ACCEPT
iptables -A INPUT -p tcp --destination-port http -j ACCEPT
iptables -A INPUT -p tcp --destination-port nsca -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#-----------------------------------------------
# IPv6 (not stateful)
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -s 2001:4060:1:4133::/64 -j ACCEPT
ip6tables -A INPUT -p tcp --destination-port http -j ACCEPT
ip6tables -A INPUT -p tcp ! --syn -j ACCEPT
After this code everything is fine for about 10 minutes (from within 2001:4060:1:4133::/64).
And then, suddenly the machine is not reachable via IPv6 anymore.
ip6tables -F and reloading the rules solves the problem for the next 10 minutes or so...
Any idea?
Regards
-Benoit-
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages kernel-image-2.6.8-2-686-smp depends on:
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii initrd-tools 0.1.81.1 tools to create initrd image for p
ii module-init-tools 3.2-pre1-2 tools for managing Linux kernel mo
-- no debconf information