[Firehol-support] IPv6 support
Andreas Unterkircher
unki at netshadow.at
Wed Feb 9 07:44:51 GMT 2011
Hi Phil,
> Is the behaviour causing you a problem? It could be that you are running
> into a problem with the auto-detection.
Hah, you are right! It works!
I was just fooled by some original v6-only rules now also appearing in
the v4 ruleset.
For example the stateful matches and logging rules that were only
intended to appear in v6.
# the rest must be stateful
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -m state --state INVALID -j DROP
# log all other attempts
ip6tables -A FORWARD -m limit --limit 60/minute --limit-burst 10 -j LOG --log-level info --log-prefix "v6FWD "
Suddenly with "iptables()" I had log entries appearing in syslog
containing v4 addresses - that I only wanted to see for v6 packets. But
firehol places them into the v4 ruleset too which caused some unwanted
interactions.
But you are right - just placing "ipv6" in front of these rules and
they are forced to become ip6tables commands.
Regards,
Andreas