Bug#612714: marked as done (netfilter: fails to match state of IPv6 connections)
Your message dated Tue, 18 Jun 2013 22:01:07 +0200
with message-id <20130618200107.GB6539@pisco.westfalen.local>
and subject line Closing
has caused the Debian Bug report #612714,
regarding netfilter: fails to match state of IPv6 connections
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
612714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612714
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: netfilter: fails to match state of IPv6 connections
- From: Nejc Škoberne <nejc@skoberne.net>
- Date: Thu, 10 Feb 2011 08:04:53 +0100
- Message-id: <4D538E15.8090901@skoberne.net>
Package: linux-2.6
Version: 2.6.32-30
Severity: normal
Tags: upstream ipv6
I tested this only by filtering bridged traffic.
How to repeat:
1. Set the IPv6 FORWARD default policy to DROP.
2. Add this rule:
ip6tables -A FORWARD -j ACCEPT
3. This way, the packets (neighbor discovery, ICMP ping ...) are not dropped.
4. We delete the previous rule and add this one:
ip6tables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
5. The IPv6 packets, which should be forwarded are now dropped.
For the record: if I test this with Lenny, the packets are forwarded if I match INVALID packets and accept them. In Squeeze even this doesn't seem to work.
-- Package-specific info:
** Version:
Linux version 2.6.32-5-amd64 (Debian 2.6.32-30) (ben@decadent.org.uk) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Wed Jan 12 03:40:32 UTC 2011
** Command line:
BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=588f1832-95bb-4ea9-983e-f7fd257ddf70 ro quiet
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
-- debconf information:
linux-image-2.6.32-5-amd64/postinst/ignoring-do-bootloader-2.6.32-5-amd64:
linux-image-2.6.32-5-amd64/postinst/depmod-error-initrd-2.6.32-5-amd64: false
linux-image-2.6.32-5-amd64/prerm/removing-running-kernel-2.6.32-5-amd64: true
linux-image-2.6.32-5-amd64/postinst/missing-firmware-2.6.32-5-amd64:
--- End Message ---
--- Begin Message ---
Hi,
your bug has been filed against the "linux-2.6" source package and was filed for
a kernel older than the recently released Debian 7.0 / Wheezy with a severity
less than important.
We don't have the ressources to reproduce the complete backlog of all older kernel
bugs, so we're closing this bug for now. If you can reproduce the bug with Debian Wheezy
or a more recent kernel from testing or unstable, please reopen the bug by sending
a mail to control@bugs.debian.org with the following three commands included in the
mail:
reopen BUGNUMBER
reassign BUGNUMBER src:linux
thanks
Cheers,
Moritz
--- End Message ---
Reply to: