Re: ip6tables (was Re: Disable IPv6 - here is help)
Lionel Elie Mamane wrote:
> On Wed, Sep 07, 2005 at 07:22:19PM +1200, Lee Begg wrote:
>> On Wed, 07 Sep 2005 17:35, [EMAIL PROTECTED] wrote:
>>> For example:
>>> If you used iptables to block all sorts of ports, but you still had
>>> ipv6 enabled on a nic, could those ports still be accessed via an ipv6
>>> travelling packet?
>> Yes, but only if you have a "real" ipv6 address on that nic (ie,
>> site or global address). To block the ports for ipv6, use the same
>> commands using ip6tables instead of iptables - it should be that
>> easy.
> Should, but isn't. There's no stateful filtering yet.

True, I was hoping to see it in the 6.13 kernel, but it still isn't there yet. Does anyone have any idea when it might get put in?

I've researched it, and it appears that there is an effort to rewrite the stateful filtering framework to make it more modular so the same code could be used for IPv4, IPv6 and other protocols. I think that's great, but IPv6 has been around for a long time now, and anything, even a temporary port of the IPv4 code, would be better than nothing.

Andre

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ip6tables (was Re: Disable IPv6 - here is help)
On Wed, Sep 07, 2005 at 07:22:19PM +1200, Lee Begg wrote:
> On Wed, 07 Sep 2005 17:35, [EMAIL PROTECTED] wrote:
>> For example:
>> If you used iptables to block all sorts of ports, but you still had
>> ipv6 enabled on a nic, could those ports still be accessed via an ipv6
>> travelling packet?
> Yes, but only if you have a "real" ipv6 address on that nic (ie,
> site or global address). To block the ports for ipv6, use the same
> commands using ip6tables instead of iptables - it should be that
> easy.

Should, but isn't. There's no stateful filtering yet.

--
Lionel
ip6tables (was Re: Disable IPv6 - here is help)
On Wed, 07 Sep 2005 17:35, [EMAIL PROTECTED] wrote:
> I'm not too familiar at all with ipv6, so I'll ask this question:
> How does iptables handle IPV6 packets?

Iptables doesn't, ip6tables does.

> For example:
> If you used iptables to block all sorts of ports, but you still had
> ipv6 enabled on a nic, could those ports still be accessed via an ipv6
> travelling packet?

Yes, but only if you have a "real" ipv6 address on that nic (ie, site or global address). To block the ports for ipv6, use the same commands using ip6tables instead of iptables - it should be that easy.

> Again, I'm newbish on ipv6.
>
> Cheers,
> Mike

Regards
Lee Begg
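
The gap discussed in this thread, as an added example that is not part of the original posts: a small audit that compares `iptables-save` and `ip6tables-save` output, lists ports blocked for IPv4 with no matching IPv6 block, and flags IPv4 rules that use the state match, which the thread says cannot simply be repeated with ip6tables. The function names and both sample rulesets are constructed for illustration.

```python
import shlex

# Constructed sample rulesets in iptables-save / ip6tables-save format.
V4_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 111 -j DROP
COMMIT
"""
V6_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT
"""

def parse_rules(save_text):
    """Return (blocked, stateful): blocked is a set of (chain, proto, dport)
    for DROP/REJECT rules; stateful lists rules that use the state match."""
    blocked, stateful = set(), []
    for line in save_text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        tok = shlex.split(line)
        # Map each option to the token that follows it (-A, -p, --dport, -j).
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if "--state" in tok:
            stateful.append(line)
        if opt.get("-j") in ("DROP", "REJECT") and "--dport" in opt:
            blocked.add((opt["-A"], opt.get("-p", "all"), opt["--dport"]))
    return blocked, stateful

def ipv6_gaps(v4_text, v6_text):
    """Ports blocked for IPv4 that have no matching block in the IPv6 ruleset."""
    v4_blocked, v4_stateful = parse_rules(v4_text)
    v6_blocked, _ = parse_rules(v6_text)
    return sorted(v4_blocked - v6_blocked), v4_stateful

if __name__ == "__main__":
    gaps, stateful = ipv6_gaps(V4_RULES, V6_RULES)
    for chain, proto, dport in gaps:
        print(f"blocked for IPv4 only: chain={chain} proto={proto} dport={dport}")
    for rule in stateful:
        print(f"stateful IPv4 rule, needs a stateless IPv6 equivalent: {rule}")
```

On a live host, pass the captured output of `iptables-save` and `ip6tables-save` to `ipv6_gaps` in place of the sample strings.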