similar to: [Bug 15] ip6tables mangle needs 'route_me_harder' equivalent

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=15 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=451 Summary: ip6tables port range support in multiport modules is broken Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P2 Component: ip6tables

http://bugzilla.netfilter.org/show_bug.cgi?id=576 Summary: ip6tables maks auto configuration packages as INVALID Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: blocker Priority: P1 Component: ip6tables AssignedTo: laforge at netfilter.org

http://bugzilla.netfilter.org/show_bug.cgi?id=597 Summary: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix) Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: major Priority: P1 Component: ip6tables AssignedTo: laforge

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=103 Summary: ip6tables -L does not separate address and mask if mask is odd Product: iptables userspace Version: 1.2.8 Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: ip6tables

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=508 Summary: ip6tables conntrack marks all incoming packets as INVALID Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: Gentoo Status: NEW Severity: normal Priority: P2 Component: ip_conntrack

I finally got an ISP connection with working IPv6 and now I need to add firewall rules for forwarding connections from my LAN to the WAN. I'm using firewalld to handle the high-level description that gets translated to iptables/ip6tables on CentOS 7. Of course, with IPv6, one doesn't do NAT, so the usual masquerade target doesn't make sense. But I want similar connection logic,

I figure that TCP is easy: Add a rule to the forward chain to allow SYN packets. There's already connection tracking to handle established connections. Does connection tracking handle UDP? If I allow all UDP from the LAN interface and one sends a DNS query from LAN to WAN, will the reply get back? I don't want to blanket authorize all UDP. ICMPv6, maybe, to allow traceroutes. Unless

with ipv6, you just allow the specific ports destined to the specific local machine(s) in on your WAN side, they don't need translating. same sort of rule as if you had a internet-facing service running on the routing system On Tue, May 26, 2020 at 11:55 AM Kenneth Porter <shiva at sewingwitch.com> wrote: > I finally got an ISP connection with working IPv6 and now I need to add

https://bugzilla.netfilter.org/show_bug.cgi?id=892 Summary: ip6tables --match policy needs to accept IPv4 addresses for --tunnel-src and --tunnel-dst Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: ip6tables

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=442 Summary: skb->data_len corrupted in NF_IP_LOCAL_OUT in mangle table Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P2 Component: ip_tables

https://bugzilla.netfilter.org/show_bug.cgi?id=940 Summary: ip6tables-save output invalid rule when using D/SNPT Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: All Status: NEW Severity: normal Priority: P5 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org

On 10/26/18, Andrew Pearce <andrew at andew.org.uk> wrote: > On 2018-10-26 16:25, mark wrote: > I believe this should remove any ipv6 rules (rules and chains) > > ip6tables -F > ip6tables -X You might want to clear the other tables, too: for x in filter nat mangle raw security "" do ip6tables ${x:+-t $x} -F ip6tables ${x:+-t $x} -X done > You may need to

--7ZAtKRhVyVSsbBD2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Netfilter Core Team Security Advisory =20 CVE: CAN-2003-0467 Subject: Netfilter / NAT Remote DoS Released: 01 Aug 2003 Effects: Under limited circumstances, a remote user may be able to crash

http://bugzilla.netfilter.org/show_bug.cgi?id=796 Summary: ip6tables (iptables) "state" test fails to correctly determine the state of packet streams; will not jump to ACCEPT on ESTABLISHED,RELATED connections Product: iptables Version: unspecified Platform: All OS/Version: All

Working on a script, and to test, I need to shut down ip6tables temporarily. firewalld is running; is there any way to shut down *just* ip6tables? I tried installinf iptables-services, and did a systemctl stop ip6tables, and no joy. mark

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=108 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From

Gordon Messmer wrote: > On 10/26/18, Andrew Pearce <andrew at andew.org.uk> wrote: > >> On 2018-10-26 16:25, mark wrote: >> I believe this should remove any ipv6 rules (rules and chains) >> >> ip6tables -F ip6tables -X > > You might want to clear the other tables, too: > > > for x in filter nat mangle raw security "" do ip6tables ${x:+-t

CentOS 5.5, fully patched. I have a HE tunnel (tunnelbroker.net) IPv6 tunnel. This works pretty well and is simple to setup. Everything works fine. Until I try to set up an ip6tables firewall. eg if I try to view https://dnssec.surfnet.nl/?p=464 then the page never displays and the firewall shows kernel: IN=sit1 OUT=eth0 SRC=2001:0610:0001:40cd:0145:0100:0186:0033 DST=my.machine LEN=80 TC=0

Hello, how do achieve this: how must files /etc/sysconfig/network-scripts/ look like to be the same as entering the following two commands ... ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local ::/0 dev lo table 100 is there the localhost device lo correct, or does it have to be br0? e.g. a file route-br0 with 192.168.1.0/24 via 10.10.10.1 dev br0 does the routing to the