[Firehol-support] Improving FireHOL
Thomas Arendsen Hein
thomas at intevation.de
Mon Feb 26 07:59:19 GMT 2007
* Vincent Danjean <vdanjean.ml at free.fr> [20070225 16:36]:
> C: a [limited for now] support for IPv6
>
> The 'C' feature is because I want to try to use IPv6. I saw very little
> IPv6 capable firewall. I know that the kernel support is very limited (no
> tracking connection, no REDIRECT, ...) but I would be very pleased if I can
> use firehol to at least generate rules for a simple state-less IPv6 firewall.
FireHOL needs connection tracking to work. CT for IPv6 was added in
2.6.16, but can't be enabled in the kernel config together with NAT
support for IPv4.
This problem was solved in 2.6.20, so it should be possible to do
what you want now. But just replacing iptables with ip6tables will
probably yield very strange results.
Thomas
--
thomas at intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Osnabrück - Registereintrag: Amtsgericht Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Firehol-support
mailing list