Displaying 20 results from an estimated 3000 matches similar to: "Problems when filtering on icmpv6"
2011 Nov 16
1
[Bug 761] New: Bug in ICMPv6 type and code fields processing
http://bugzilla.netfilter.org/show_bug.cgi?id=761
Summary: Bug in ICMPv6 type and code fields processing
Product: ipset
Version: unspecified
Platform: i386
OS/Version: Gentoo
Status: NEW
Severity: major
Priority: P5
Component: default
AssignedTo: netfilter-buglog at lists.netfilter.org
2018 Apr 27
1
[Bug 1250] New: extensions: libip6t_icmp6: unsupported ICMPv6 types
https://bugzilla.netfilter.org/show_bug.cgi?id=1250
Bug ID: 1250
Summary: extensions: libip6t_icmp6: unsupported ICMPv6 types
Product: iptables
Version: 1.6.x
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ip6tables
Assignee:
2009 Jan 09
5
[Bug 567] New: Local multicast ICMPv6 and --state INVALID
http://bugzilla.netfilter.org/show_bug.cgi?id=567
Summary: Local multicast ICMPv6 and --state INVALID
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: Ubuntu
Status: NEW
Severity: blocker
Priority: P1
Component: unknown
AssignedTo: laforge at netfilter.org
2010 Jun 30
0
FYI: a short guide to libvirt & network filtering iptables/ebtables use
I just wrote this to assist some Red Hat folks understanding
what libvirt does with iptables, and thought it is useful info
for the whole libvirt community. When I have time I'll adjust
this content so that it can fit into the website in relevant
pages/places.
Firewall / network filtering in libvirt
=======================================
There are three pieces of libvirt
2012 Jan 03
1
[Bug 766] New: Segmentation Fault using Hop Limit and ICMPV6-TYPE in same rule
http://bugzilla.netfilter.org/show_bug.cgi?id=766
Summary: Segmentation Fault using Hop Limit and ICMPV6-TYPE in
same rule
Product: iptables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: ip6tables
2020 Mar 01
0
[Bug 1412] New: ip6tables-nft not accepting "icmp" as shorthand for "icmpv6"
https://bugzilla.netfilter.org/show_bug.cgi?id=1412
Bug ID: 1412
Summary: ip6tables-nft not accepting "icmp" as shorthand for
"icmpv6"
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: minor
Priority: P5
2018 Jul 02
1
Re: East-west traffic network filter
On Fri, Jun 29, 2018 at 3:40 AM Thiago Oliveira <cpv.thiago@gmail.com>
wrote:
> Hi Ales,
>
> I would like to prevent the guests from different subnets start a
> communication. In other words I have the subnet 192.168.1.0/24 and
> 192.168.2.0/24 and the guests from 192.168.1.0/24 cannot reach/talk with
> guests on 192.168.2.0/24 at the same host. Is this possible using a
2018 Dec 29
0
Re: Network filters with clean-traffic not working on Debian Stretch
Hi Sam,
You can find the rules by below command, and it looks as below:
# ebtables -t nat --list
Bridge table: nat
Bridge chain: PREROUTING, entries: 2, policy: ACCEPT
-j PREROUTING_direct
-i vnet0 -j libvirt-I-vnet0
Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-j OUTPUT_direct
Bridge chain: POSTROUTING, entries: 2, policy: ACCEPT
-j POSTROUTING_direct
-o vnet0 -j libvirt-O-vnet0
Bridge
2018 Jun 28
0
Re: East-west traffic network filter
On Thu, Jun 28, 2018 at 10:18:57AM +0200, Ales Musil wrote:
> Hello,
>
> I would like to make filter that allows communication only between
> specified VMs. Those VMs should be specified by their MAC address. The
> filter should extend clean-traffic but I was not able to get it working
> with that reference. I have came up with modified clean-traffic which works
> fine [1].
2018 Jun 29
0
Re: East-west traffic network filter
Hi Ales,
I would like to prevent the guests from different subnets start a
communication. In other words I have the subnet 192.168.1.0/24 and
192.168.2.0/24 and the guests from 192.168.1.0/24 cannot reach/talk with
guests on 192.168.2.0/24 at the same host. Is this possible using a filter
like yours?
Thank you.
Thiago.
Em qui, 28 de jun de 2018 às 09:37, Ales Musil <amusil@redhat.com>
2018 Jun 28
4
East-west traffic network filter
Hello,
I would like to make filter that allows communication only between
specified VMs. Those VMs should be specified by their MAC address. The
filter should extend clean-traffic but I was not able to get it working
with that reference. I have came up with modified clean-traffic which works
fine [1]. Is there a way to achieve the same behavior with reference to
clean-traffic?
Thank you.
Best
2013 May 21
1
ICMPv6 Neighbour Solication request is not answered by linux when IPv6 address is assigned via Netlink code.
Hi,
I have a process which is running as a linux service and assigns IP addresses using netlink to configued interface in linux.
For IPv4 addresses i do not see any issue with this assignment.
When i try to assign an IPv6 address, the address gets assigned successfully to the interface, but the Neighbour Solication request received for that address is not responded with and hence ping6 from a
2014 May 07
4
[Bug 926] New: icmp: ICMPv6 types are not supported
https://bugzilla.netfilter.org/show_bug.cgi?id=926
Summary: icmp: ICMPv6 types are not supported
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy:
2017 Feb 22
2
Re: Is it possible to block ipv6 auto configuration entering the tinc tunnel?
Hi
thank you for looking in to this. I haven't tried it before now. I cant get it to work.
after running the commands you suggest I get this when I run ip6tables --list-rules
root at JOTVPN:~# ip6tables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP
-A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j
2017 Feb 23
1
Re: Is it possible to block ipv6 auto configuration entering the tinc tunnel?
hi
It was not working when i applied the rules on the vpn card. But I wondered if maybe bridging of vpn and eth0 was messing this up. I thought it was enough to only apply it to the vpn card
root at JOTVPN:~# brctl show
bridge name bridge id STP enabled interfaces
bridge 8000.000c29638a7e no eth0
vpn
so I tried the
2006 Sep 13
0
[Bug 508] New: ip6tables conntrack marks all incoming packets as INVALID
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=508
Summary: ip6tables conntrack marks all incoming packets as
INVALID
Product: netfilter/iptables
Version: linux-2.6.x
Platform: i386
OS/Version: Gentoo
Status: NEW
Severity: normal
Priority: P2
Component: ip_conntrack
2009 Feb 11
2
[Bug 576] New: ip6tables maks auto configuration packages as INVALID
http://bugzilla.netfilter.org/show_bug.cgi?id=576
Summary: ip6tables maks auto configuration packages as INVALID
Product: iptables
Version: unspecified
Platform: i386
OS/Version: Debian GNU/Linux
Status: NEW
Severity: blocker
Priority: P1
Component: ip6tables
AssignedTo: laforge at netfilter.org
2017 Feb 23
0
Is it possible to block ipv6 auto configuration entering the tinc tunnel?
On Wed, Feb 22, 2017 at 08:51:49PM +0000, Håvard Rabbe wrote:
> thank you for looking in to this. I haven't tried it before now. I cant get it to work.
>
> after running the commands you suggest I get this when I run ip6tables --list-rules
>
> root at JOTVPN:~# ip6tables --list-rules
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -A FORWARD -i vpn -p
2018 Dec 29
1
Re: Network filters with clean-traffic not working on Debian Stretch
Dear Yalang,
that did the trick. If I look in the NAT table of the bridge I can see
the generated rules. Probably wouldn't have though about that ever.
Thanks a lot!
Best
Sam
On 29.12.18 06:51, Yalan Zhang wrote:
> Hi Sam,
>
> You can find the rules by below command, and it looks as below:
> # ebtables -t nat --list
> Bridge table: nat
>
> Bridge chain: PREROUTING,
2016 Mar 01
0
nwfilter : iptables rules not working
Hi,
I contact you as i have difficulties to use nwfilter with KVM host.
I want to implemente flow filtering between my Linux guests.
I created the following filter :
cat admin-dmz-internet.xml
<filter name='admin-dmz-internet'>
<!-- this zone is an SSH ingoing only zone -->
<!-- but SSH can go to an other SSH proxy -->
<filterref