Linux Ethernet Bridging - Apr 2007 - [Bridge] Can bridge be 'seen' by ip6tables?

On Fri, 22 Dec 2006 14:27:43 +0800 (CST)
"llsherry" <llsherry@163.com> wrote:
> 
>      Hello!    
>      Recently,I?m doing a security project based upon ipv6.I have built up
a bridge to support a transparent firewall.(my system is Fedora Core 2,kernel
2.6.5).
That is real old by now, and not sure what the status of bridging and IPV6
was back then (> 2yrs ago)

Op vr, 22-12-2006 te 14:27 +0800, schreef llsherry:
>      Hello!    
> 
>      Recently,I?m doing a security project based upon ipv6.I have
> built up a bridge to support a transparent firewall.(my system is
> Fedora Core 2,kernel 2.6.5).In this system ,the version of the
> iptables is 1.2.7,which does not support ipv6(I have tried it).Thus,I
> download a new version and test it.
> 
>      The iptables functions in bridge mode,but the ipv6 doesn't work
> well.In the bridge mode,ip6tables can?t prevent the packet when I use
> ?ip6tables CA FORWARD Cj DROP?. I use the
> command"ls/proc/sys/net/bridge",it shows
>
bridge-nf-call-iptables,bridge-nf-call-arptables,bridge-nf-filter-vlan-tagged.The
problem is I can't find bridge-nf-call-ip6tables.
> 
>      I have searched a lot of information,all said that the kernel2.6
> have the bridge-nf code.Could you please tell me how to let the
> bridged packets be 'seen' by ip6tables?
Support for IPv6 was added in a later kernel release.

cheers,
Bart

Hello!    
     Recently,I¡¯m doing a security project based upon ipv6.I have built up a
bridge to support a transparent firewall.(my system is Fedora Core 2,kernel
2.6.5).In this system ,the version of the iptables is 1.2.7,which does not
support ipv6(I have tried it).Thus,I download a new version and test it.
     The iptables functions in bridge mode,but the ipv6 doesn't work well.In
the bridge mode,ip6tables can¡¯t prevent the packet when I use ¡°ip6tables ¨CA
FORWARD ¨Cj DROP¡±. I use the command"ls/proc/sys/net/bridge",it shows
bridge-nf-call-iptables,bridge-nf-call-arptables,bridge-nf-filter-vlan-tagged.The
problem is I can't find bridge-nf-call-ip6tables.
     I have searched a lot of information,all said that the kernel2.6 have the
bridge-nf code.Could you please tell me how to let the bridged packets be
'seen' by ip6tables?
     Thank you very much!
                                                                    sherry
                                              
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.linux-foundation.org/pipermail/bridge/attachments/20061222/ec659b84/attachment-0002.htm