On 10/1/2014 5:01 PM, jone...@teksavvy.com wrote:
> Hello,
> 
>   Thanks for your preceding two replies - much appreciated!
> 
> I have three questions regarding running an IPv6 configuration which
> could surely benefit from your experience, since they are not directly
> related to Shorewall, but happen when using the IPv6 portion.
> 
> 1) When shorewall6 is run, the following is logged.  Since broadcast
> is not supported in IPv6, logging this is a bit puzzling:
> 
> Oct 1 13:04:39 deb kernel: [ 9570.619744] xt_addrtype: ipv6 does not
> support BROADCAST matching

This is harmless -- it is a result of Shorewall probing your system to
determine its capabilities.

> 
> 2) Once shorewall6 has established a firewall (a very simple one to
> start with) there is no netfilter subdirectory in /proc/sys/net/ipv6.
> There is in ipv4/, with a few conntrack options.
> 
> The following IPv6 modules are loaded:
> 
>   nf_conntrack_ipv6      13124  11 
>   nf_defrag_ipv6         12720  2 xt_TPROXY,nf_conntrack_ipv6

There is none on my system either.

> 
> 3) When I use 'ip6tables -L' to verify, ip6tables lists a few things,
> then seems to wait for something before displaying more.  Why is that
> so ?
> 

The -L command (with no options) is the worst ever created. If you
insist on using 'ip6tables -L' rather than 'shorewall6 show', then
please use 'ip6tables -L -nv'. The -n option prevents the program from
attempting to generate DNS names from addresses (which I'm betting is
why you are seeing a pause), and the -v option is necessary for
understanding what the ruleset is really doing.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
