On 11/10/2013 6:00 PM, Bruce S. Skinner wrote: > Gentlepeople, > > Shorewall6 starts successfully, but during: > Compiling /usr/share/shorewall6/action.Broadcast for chain Broadcast... > > the kernel issues the message: > xt_addrtype: ipv6 does not support BROADCAST matching
That message is the result of the Shorewall compiler probing your ip6tables and kernel to determine what capabilities they support. As indicated in the message, the 'addrtype match' capability is not available. > > Distribution: Debian 7 > kernel: 3.2.0 > shorewall6 version: 4.5.5.3 > shorewall config: /usr/share/doc/shorewall6/examples/two-interfaces > > I didn't think there was any such thing as a broadcast address in ipv6, > just multicast and anycast addresses. Can someone shed some light on > what this all means? The Shorewall6 action.Broadcast file is a near clone of the one for ipv4 and therefore references broadcast. > > The Broadcast chain looks like this. > > Chain Broadcast (2 references) > pkts bytes target prot opt in out source destination > 0 0 DROP all any any anywhere > 2001:5c0:1505:f900::/128 > 0 0 DROP all any any anywhere > 2001:5c0:1505:f900:ffff:ffff:ffff:ff80/121 > 0 0 DROP all any any anywhere ff00::/8 Please never use the ip[6]tables command without the -n and the -V options. Otherwise, the output is misleading and quite useless. > > Does this mean that datagrams addressed to: > the subnet router anycast address (2001:5c0:1505:f900::/128), > all other anycast addresses > (2001:5c0:1505:f900:ffff:ffff:ffff:ff80/121), > all multicast addresses (ff00::/8) > will be dropped? or not? It does if they are sent through the Broadcast chain. That chain is jumped to from the Drop and Reject default actions. It prevents: a) Multicast/anycast packets will not be logged. b) Multicast/anycast packets will not be handled using the REJECT target. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ November Webinars for C, C++, Fortran Developers Accelerate application performance with scalable programming models. Explore techniques for threading, error checking, porting, and tuning. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
