Lukas Ocilka wrote:
> Hans Witvliet wrote:
> > On Mon, 2006-11-27 at 18:04 +0100, Lukas Ocilka wrote:
> >> Pascal Bleser wrote:
> >>>> What do you think ? 
> >>> I'd rather vote for enhancing the firewall module ;)
> >>> FTP server isn't a bad idea though, help about that is asked now and
> >>> then on #suse (IRC).
> >> I have plans (and features) to enhance the firewall module in 10.3 but
> >> it would be nice to hear what exactly users need.
> >>
> > 
> > IPv6 
> 
> We have these features available for IPv6 in /etc/sysconfig/SuSEfirewall2:
> 
> FW_IPv6 (no,drop,reject)
> # What to do with IPv6 Packets?
> 
> FW_IPv6_REJECT_OUTGOING (yes,no)
> # Reject outgoing IPv6 Packets?

I don't think those options should be exposed in the UI. They are just
workarounds for kernels that lack v6 connection tracking.

> These rules should also work for IPv6 if state matching is available:
> FW_SERVICES_*_TCP
> FW_SERVICES_*_UDP
> FW_SERVICES_*_IP
> FW_SERVICES_*_RPC
> 
> But SuSEfirewall2 on my 10.2 says:
> Warning: ip6tables does not support state matching. Extended IPv6
> support disabled.
> 
> Whence it follows that there are two issues:
> 1.) Enable state matching in ip6tables (maybe simple)

The new and AFAIK still experimental connection tracking code has to
be enabled in the kernel. SuSEfirewall2 itself supports most of its
features also with IPv6. It's untested since SLES9 though due to lack
of kernel support.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/


