
Bug#333365: kernel-image-2.6.8-2-686-smp: ip6tables causes kernel to drop all ipv6 traffic after a while



reassign 333365 kernel-source-2.6.8-2
thanks

On Tue, Oct 11, 2005 at 05:15:48PM +0200, Benoit Panizzon wrote:
> Package: kernel-image-2.6.8-2-686-smp
> Version: 2.6.8-16
> Severity: important
> 
> 
> Hello
> 
> Just had a few problems I cannot explain except as a kernel bug:
> 
> I would have to secure a box in such a way that it is not accessible from unallowed networks.
> 
> So this is my code:
> 
> iptables -P INPUT DROP
> ip6tables -P INPUT DROP
> #-----------------------------------------------
> # IPv4 stateful
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -s 157.161.4.0/24 -j ACCEPT
> iptables -A INPUT -p tcp --destination-port http -j ACCEPT
> iptables -A INPUT -p tcp --destination-port nsca -j ACCEPT
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> #-----------------------------------------------
> # IPv6 (not stateful)
> ip6tables -A INPUT -i lo -j ACCEPT
> ip6tables -A INPUT -s 2001:4060:1:4133::/64 -j ACCEPT
> ip6tables -A INPUT -p tcp --destination-port http -j ACCEPT
> ip6tables -A INPUT -p tcp ! --syn -j ACCEPT
> 
> 
> After this code everything is fine for about 10 minutes (from within 2001:4060:1:4133::/64). 
> And then, suddenly the machine is not reachable via IPv6 anymore.
> 
> ip6tables -F and reloading the rules solves the problem for the next 10 minutes or so...
> 
> Any idea?

That does sound a lot like a kernel bug to me too.

Could you please test the 2.6.12-2.99.sarge1 backport to sarge to see
if it has been resolved upstream between 2.6.8 and 2.6.12.

http://packages.vergenet.net/testing/linux-2.6/

-- 
Horms
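
An added check, not part of the original thread and not a diagnosis made in it: the quoted IPv6 rules set a DROP policy on INPUT and contain no ICMPv6 rule, while IPv6 address resolution relies on ICMPv6 neighbor solicitation and advertisement (types 135 and 136) reaching the host. The `nd_status` function and the `WITH_ND_RULES` variant are constructed for illustration; the function only looks for explicit ICMPv6 accepts that are not limited by source or interface.

```shell
#!/bin/sh
# Constructed input: the IPv6 half of the ruleset quoted in the report.
REPORTED_RULES='ip6tables -P INPUT DROP
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -s 2001:4060:1:4133::/64 -j ACCEPT
ip6tables -A INPUT -p tcp --destination-port http -j ACCEPT
ip6tables -A INPUT -p tcp ! --syn -j ACCEPT'

# Constructed variant (assumption, not from the thread): same rules plus
# explicit accepts for neighbor solicitation and advertisement.
WITH_ND_RULES="$REPORTED_RULES
ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbour-solicitation -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbour-advertisement -j ACCEPT"

# Read ip6tables commands on stdin and report whether a default-DROP INPUT
# chain accepts neighbor discovery from any source.
nd_status() {
    policy=ACCEPT ns=no na=no
    while read -r line; do
        case "$line" in
            *"-P INPUT DROP"*) policy=DROP; continue ;;
        esac
        # Only ACCEPT rules appended to INPUT matter here.
        case "$line" in
            *"-A INPUT "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        # Rules limited to one source or interface do not cover all neighbors.
        case " $line " in
            *" -s "*|*" -i "*) continue ;;
        esac
        case "$line" in
            *"-p icmpv6"*|*"-p ipv6-icmp"*) ;;
            *) continue ;;
        esac
        case "$line" in
            *"--icmpv6-type 135"*|*"--icmpv6-type neighbo"*"r-solicitation"*) ns=yes ;;
            *"--icmpv6-type 136"*|*"--icmpv6-type neighbo"*"r-advertisement"*) na=yes ;;
            *"--icmpv6-type"*) ;;          # some other single type
            *) ns=yes; na=yes ;;           # no type given: all ICMPv6 accepted
        esac
    done
    if [ "$policy" != DROP ]; then echo policy-not-drop
    elif [ "$ns" = yes ] && [ "$na" = yes ]; then echo nd-accepted
    else echo nd-not-accepted
    fi
}

printf 'reported: %s\n' "$(printf '%s\n' "$REPORTED_RULES" | nd_status)"
printf 'with-nd:  %s\n' "$(printf '%s\n' "$WITH_ND_RULES" | nd_status)"
```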


