similar to: ip6tables equivalent for NAT?

with ipv6, you just allow the specific ports destined to the specific local machine(s) in on your WAN side, they don't need translating. same sort of rule as if you had a internet-facing service running on the routing system On Tue, May 26, 2020 at 11:55 AM Kenneth Porter <shiva at sewingwitch.com> wrote: > I finally got an ISP connection with working IPv6 and now I need to add

On 10/26/18, Andrew Pearce <andrew at andew.org.uk> wrote: > On 2018-10-26 16:25, mark wrote: > I believe this should remove any ipv6 rules (rules and chains) > > ip6tables -F > ip6tables -X You might want to clear the other tables, too: for x in filter nat mangle raw security "" do ip6tables ${x:+-t $x} -F ip6tables ${x:+-t $x} -X done > You may need to

Working on a script, and to test, I need to shut down ip6tables temporarily. firewalld is running; is there any way to shut down *just* ip6tables? I tried installinf iptables-services, and did a systemctl stop ip6tables, and no joy. mark

Gordon Messmer wrote: > On 10/26/18, Andrew Pearce <andrew at andew.org.uk> wrote: > >> On 2018-10-26 16:25, mark wrote: >> I believe this should remove any ipv6 rules (rules and chains) >> >> ip6tables -F ip6tables -X > > You might want to clear the other tables, too: > > > for x in filter nat mangle raw security "" do ip6tables ${x:+-t

On 2018-10-26 16:25, mark wrote: > Working on a script, and to test, I need to shut down ip6tables > temporarily. firewalld is running; is there any way to shut down *just* > ip6tables? > > I tried installinf iptables-services, and did a systemctl stop > ip6tables, > and no joy. > > mark > > _______________________________________________ > CentOS

I figure that TCP is easy: Add a rule to the forward chain to allow SYN packets. There's already connection tracking to handle established connections. Does connection tracking handle UDP? If I allow all UDP from the LAN interface and one sends a DNS query from LAN to WAN, will the reply get back? I don't want to blanket authorize all UDP. ICMPv6, maybe, to allow traceroutes. Unless

http://bugzilla.netfilter.org/show_bug.cgi?id=812 Summary: addrtype with limit-iface-in in ip6tables/nat/PREROUTING messes up the route cache Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: major Priority: P5 Component: ip6_tables

On 5/22/2016 9:45 PM, Eero Volotinen wrote: > Firewalld is preferred way. You should learn it.. Are there any good tools for converting an iptables-save file to a Firewalld configuration?

I discovered that IPv6 is sort of working when I got an email rejection from Comcast for not having an IPv6 PTR record. I discovered I could telnet to port 25 on their MX server over IPv6! I then found I could tracroute6 to them, but I couldn't to my Linode VPS in Fremont. It gets to the data center and stops. Going the other way, my Linode can traceroute6 almost to my AT&T-hosted

On Fri, Dec 29, 2017 at 10:32 AM, Kenneth Porter <shiva at sewingwitch.com> wrote: > How do I insert the iptables rule below using firewalld? > > I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to > get OpenVPN working to allow home workers to access PCs at the office. I've > got it all working but only by manually inserting an ACCEPT rule in

On 01/28/2016 11:26 AM, Emmett Culley wrote: > To my surprise, except for the interface definition for public and trusted zones, nothing seemed to be configured. That is, none of the services were checked off that we want open at the firewall. Also, this server is a gateway and masquerading and forwarding appears to be off as well. Firewalld doesn't read the iptables state of the system,

The closest thing I could find to an iptables to firewalld conversion tool was Offline Configuation. The firewall-offline-cmd command was created to help setup firewall rules when Firewalld is not running. For instance, to open the tcp port 22, you would type in the /etc/sysconfig/iptables file: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT Instead, you can now execute the

> >You say you have compiled Samba yourself, so I take it that Samba is > i>nstalled at /usr/local/samba, if so, is the new samba in your PATH > i>and > >are there any OS Samba packages installed ? > I compile myself. I removed all packets for samba before start the > instalation. > My options: ./configure --sysconfdir=/etc/samba/ > --mandir=/usr/share/man/

https://bugzilla.netfilter.org/show_bug.cgi?id=1186 Bug ID: 1186 Summary: ip6tables-restore not passing useful error messages from ip6tables Product: iptables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: enhancement Priority: P5 Component:

On 4/28/2020 4:22 PM, Chris Adams wrote: > What's in /etc/sysconfig/network-scripts/ifcfg-<name>? I wonder if you > have IPv6 disabled. Pasted below. V6 definitely works. I have a second server and gave it a WAN address and I can connect between them using their WAN addresses. That's what told me that my ip6tables weren't screwed up and that the problem lay elsewhere.

http://bugzilla.netfilter.org/show_bug.cgi?id=796 Summary: ip6tables (iptables) "state" test fails to correctly determine the state of packet streams; will not jump to ACCEPT on ESTABLISHED,RELATED connections Product: iptables Version: unspecified Platform: All OS/Version: All

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=451 Summary: ip6tables port range support in multiport modules is broken Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P2 Component: ip6tables

https://bugzilla.netfilter.org/show_bug.cgi?id=940 Summary: ip6tables-save output invalid rule when using D/SNPT Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: All Status: NEW Severity: normal Priority: P5 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1751 Bug ID: 1751 Summary: ip6tables-restore doesn't restore counters Product: iptables Version: 1.8.x Hardware: x86_64 OS: Ubuntu Status: NEW Severity: minor Priority: P5 Component: iptables-restore Assignee: netfilter-buglog

On Tue, July 12, 2016 12:51, Earl A Ramirez wrote: > if I had any knowledge of systemd and other things that are more than >> totally different ... >> I'm not an expert; is ip(6)tables still part of CentOS 7? >> > > It is available but not installed by default, you will have to install it > and stop and disable firewalld. > and this done by which shell command?