similar to: Does IPV6 support HTB?

Hi, I''m trying to do some horrible private address routing between networks. Is there a way to handle the following? I''m guessing policy routing *might* be the way, but anyway... Two networks, accessible via public addresses -- a /29 on each. Each network, however, has more machines than this, so one also has 192.168.0.0/24 and the other has 192.168.1.0/24. I have an IPIP

A stupid question: which is recomended? I have 1 interface eth0. I need to set about 20 virtual interfaces eth0:xx on it. If I create them with ifconfig eth0:xx I see it with ifconfig and with ip addr ls. If I set it with ''ip addr add'', ifconfig don''t show them, but ''ip addr ls'' and ''route'' show them. So, which is better?

Running "tc -s class show dev eth1" against an HTB qdisc results in the output of class summaries similar to this: class htb 1:10 parent 1:1 leaf 10: prio 0 rate 150000bit ceil 1466Kbit burst 2Kb cburst 2Kb Sent 158641651 bytes 771351 pkt (dropped 0, overlimits 0 requeues 0) rate 8064bit 7pps backlog 0b 0p requeues 0 lended: 680985 borrowed: 90366 giants: 0 tokens: 173443 ctokens:

On 10/26/18, Andrew Pearce <andrew at andew.org.uk> wrote: > On 2018-10-26 16:25, mark wrote: > I believe this should remove any ipv6 rules (rules and chains) > > ip6tables -F > ip6tables -X You might want to clear the other tables, too: for x in filter nat mangle raw security "" do ip6tables ${x:+-t $x} -F ip6tables ${x:+-t $x} -X done > You may need to

Working on a script, and to test, I need to shut down ip6tables temporarily. firewalld is running; is there any way to shut down *just* ip6tables? I tried installinf iptables-services, and did a systemctl stop ip6tables, and no joy. mark

Hello, how do achieve this: how must files /etc/sysconfig/network-scripts/ look like to be the same as entering the following two commands ... ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local ::/0 dev lo table 100 is there the localhost device lo correct, or does it have to be br0? e.g. a file route-br0 with 192.168.1.0/24 via 10.10.10.1 dev br0 does the routing to the

Hey all, Just a sanity check, but should the shorecap script in shorewall6-lite be sourcing /usr/share/shorewall6-lite/lib.base rather than /usr/share/shorewall-lite/lib.base like it does currently? In fact shouldn''t there be a general s/shorewall-lite/shorewall6-lite/ in shorecap in shorewall6-lite? Maybe there is more of that lurking about as well. Also, the first line of the

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=451 Summary: ip6tables port range support in multiport modules is broken Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P2 Component: ip6tables

I have a fairly vanilla install of Centos5 on a desktop box (with a Broadcom NetXtreme BCM5752 Gigabit NIC). When booting, the boot process hangs at "Applying ip6tables firewall rules" for 30-60 seconds before proceeding, which is annoying. I have not tried to turn off ipv6 networking. I guess I could, but is this slowness to be expected? Is it waiting for some ipv6 response?

Been looking, and haven't found the answer: in c7, is there a firewall-cmd command, or a systemctl cmd, to check whether ip6tables firewall is running mark

http://bugzilla.netfilter.org/show_bug.cgi?id=588 Summary: make ipv6 optional in iptables Product: iptables Version: CVS (please indicate timestamp) Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P1 Component: ip6tables AssignedTo: laforge at netfilter.org

Hi, I am running libvirt on RHEL 6.2 and getting this below error when I start the daemon: /usr/sbin/libvirtd --verbose 2012-04-20 06:00:13.366+0000: 26900: info : libvirt version: 0.9.11 2012-04-20 06:00:13.366+0000: 26900: error : virExecWithHook:424 : Cannot find 'dnsmasq' in path: No such file or directory 2012-04-20 06:00:13.405+0000: 26900: warning : ebiptablesDriverInit:4066 :

Hi all, I'm sorry if this is a quick dumb one, but how does one install ip6tables? Running yum install ip6tables doesn't return anything, even with the rpmforge repository enabled: root at mercury:[~]$ yum install -y ip6tables Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: mirrors.netdna.com * base: pubmirrors.reflected.net * extras: mirror.vcu.edu *

Hi, I have servers where shorewall6 won''t reject nor log: # cat /etc/shorewall6/zones fw firewall net ipv6 # cat /etc/shorewall6/interfaces net eth1 tcpflags (I also tried without "tcpflags", but no changes) # cat /etc/shorewall6/policy $FW all ACCEPT all all REJECT info # cat /etc/shorewall6/rules SECTION NEW (for testing, I removed all the rules) I am testing from

Hi thank you for looking in to this. I haven't tried it before now. I cant get it to work. after running the commands you suggest I get this when I run ip6tables --list-rules root at JOTVPN:~# ip6tables --list-rules -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP -A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j

Hi, I am having problems adding a stateful inspection rule with ip6tables on CentOS4.5. #ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT That's what I am trying to do, but #ip6tables: No chain/target/match by that name. I have been googling but unable to solve the problem. any ideas?

Hi! The netfilter coreteam proudly presents: iptables version 1.3.7 The 1.3.7 version contains accumulated bugfixes to the last 1.3.6 version. This comes a bit earlier after the last release than usual because the endian annotations in 2.6.19 broke iptables compilation, which is fixed with this version. The ChangeLog is attached to this mail. Version 1.3.7 can be obtained from:

very perplexed here - I need to turn off iptables. Ive tried service iptables save service iptables stop chkconfig iptables off service ip6tables save service ip6tables stop chkconfig ip6tables off edited OPGX280 ~ # cat /etc/sysconfig/system-config-firewall # Configuration file for system-config-firewall --disabled --service=ssh OPGX280 ~ :( # cat /etc/selinux/config SELINUX=disabled

http://bugzilla.netfilter.org/show_bug.cgi?id=751 Summary: IPv6 bridging bug Product: iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P3 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: david at

Hello! Recently,I¡¯m doing a security project based upon ipv6.I have built up a bridge to support a transparent firewall.(my system is Fedora Core 2,kernel 2.6.5).In this system ,the version of the iptables is 1.2.7,which does not support ipv6(I have tried it).Thus,I download a new version and test it. The iptables functions in bridge mode,but the ipv6 doesn't work well.In the