bugzilla-daemon at bugzilla.netfilter.org
2009-Feb-11 18:36 UTC
[Bug 576] New: ip6tables maks auto configuration packages as INVALID
http://bugzilla.netfilter.org/show_bug.cgi?id=576
Summary: ip6tables maks auto configuration packages as INVALID
Product: iptables
Version: unspecified
Platform: i386
OS/Version: Debian GNU/Linux
Status: NEW
Severity: blocker
Priority: P1
Component: ip6tables
AssignedTo: laforge at netfilter.org
ReportedBy: Die_Obstfliege at gmx.de
I use $IPTABLES -A INPUT -j DROP -m state --state INVALID in my ip6tables
config.
When my client tries to resolv an ipv6 address the firewall marks the packages
as INVALID and drops them. ( so far Router Solicitations, Neighbor
Solicitations and Neighbor Advertisements and maybe other packages too )
ip6tables-INVALID: IN=eth0 OUT= MAC=33:33:00:00:00:02:00:13:77:ae:f2:1f:86:dd
SRC=fe80:0000:0000:0000:0213:77ff:feae:f21f
DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=56 TC=0 HOPLIMIT=255 FLOWLBL=0
PROTO=ICMPv6 TYPE=133 CODE=0
ip6tables-INVALID: IN=eth0 OUT= MAC=00:10:e0:02:22:02:00:13:77:ae:f2:1f:86:dd
SRC=2001:06f8:10bb:0000:0213:77ff:feae:f21f
DST=fe80:0000:0000:0000:0210:e0ff:fe02:2202 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0
PROTO=ICMPv6 TYPE=136 CODE=0
ip6tables-INVALID: IN=eth0 OUT= MAC=33:33:ff:02:22:02:00:13:77:ae:f2:1f:86:dd
SRC=2001:06f8:10bb:0000:0213:77ff:feae:f21f
DST=ff02:0000:0000:0000:0000:0001:ff02:2202 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0
PROTO=ICMPv6 TYPE=135 CODE=0
without this check the client gets the IPv6 immediately.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at bugzilla.netfilter.org
2009-Feb-17 18:25 UTC
[Bug 576] ip6tables maks auto configuration packages as INVALID
http://bugzilla.netfilter.org/show_bug.cgi?id=576
kaber at trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Comment #1 from kaber at trash.net 2009-02-17 19:25 -------
This should be resolved in the current -rc kernel by the attached patch. If you
can confirm that it fixes the problem for you, I'll consider sending it to
-stable.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at bugzilla.netfilter.org
2009-Feb-17 18:26 UTC
[Bug 576] ip6tables maks auto configuration packages as INVALID
http://bugzilla.netfilter.org/show_bug.cgi?id=576
kaber at trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|laforge at netfilter.org |kaber at trash.net
Status|ASSIGNED |NEW
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the assignee for the bug, or are watching the assignee.
Seemingly Similar Threads
- [Bug 742] New: ip6tables "-m iprange" ipv6 range detection
- GeForce 6100 (NV4E) & nouveau regression in 3.12
- [Bug 508] New: ip6tables conntrack marks all incoming packets as INVALID
- Samba and ufw (mmcg29440@frontier.com)
- IPv6, HE tunnel and ip6tables problems