similar to: ip6tables equivalent for NAT?

I figure that TCP is easy: Add a rule to the forward chain to allow SYN packets. There's already connection tracking to handle established connections. Does connection tracking handle UDP? If I allow all UDP from the LAN interface and one sends a DNS query from LAN to WAN, will the reply get back? I don't want to blanket authorize all UDP. ICMPv6, maybe, to allow traceroutes. Unless

I discovered that IPv6 is sort of working when I got an email rejection from Comcast for not having an IPv6 PTR record. I discovered I could telnet to port 25 on their MX server over IPv6! I then found I could tracroute6 to them, but I couldn't to my Linode VPS in Fremont. It gets to the data center and stops. Going the other way, my Linode can traceroute6 almost to my AT&T-hosted

Is there a straightforward way to disallow the deletion of all IMAP mailboxes? I have a user who's deleted an important IMAP mailbox and I'm now recovering a recent copy from the backup. But I'd rather just blanket disallow all folder deletions. The user is using Thunderbird and this has happened more than once so I suspect Tbird is willing to let a folder get deleted too easily.

Hi thank you for looking in to this. I haven't tried it before now. I cant get it to work. after running the commands you suggest I get this when I run ip6tables --list-rules root at JOTVPN:~# ip6tables --list-rules -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP -A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j

I finally got an ISP connection with working IPv6 and now I need to add firewall rules for forwarding connections from my LAN to the WAN. I'm using firewalld to handle the high-level description that gets translated to iptables/ip6tables on CentOS 7. Of course, with IPv6, one doesn't do NAT, so the usual masquerade target doesn't make sense. But I want similar connection logic,

Hi Im using tinc to bridge networks together. And im using ebtables to block dhcp traffic for ipv4 on each node in tinc. One of my nodes have recently began using ipv6. The isp is using auto configuration to give out ipv6 addresses. The problem is that every computer in my bridged network is getting ipv6 addresses from that node. The other computers behind the other nodes have no use for ipv6

hi It was not working when i applied the rules on the vpn card. But I wondered if maybe bridging of vpn and eth0 was messing this up. I thought it was enough to only apply it to the vpn card root at JOTVPN:~# brctl show bridge name bridge id STP enabled    interfaces bridge 8000.000c29638a7e no           eth0                                                                   vpn so I tried the

https://bugzilla.netfilter.org/show_bug.cgi?id=1412 Bug ID: 1412 Summary: ip6tables-nft not accepting "icmp" as shorthand for "icmpv6" Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: minor Priority: P5

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=508 Summary: ip6tables conntrack marks all incoming packets as INVALID Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: Gentoo Status: NEW Severity: normal Priority: P2 Component: ip_conntrack

http://bugzilla.netfilter.org/show_bug.cgi?id=567 Summary: Local multicast ICMPv6 and --state INVALID Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: Ubuntu Status: NEW Severity: blocker Priority: P1 Component: unknown AssignedTo: laforge at netfilter.org

http://bugzilla.netfilter.org/show_bug.cgi?id=576 Summary: ip6tables maks auto configuration packages as INVALID Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: blocker Priority: P1 Component: ip6tables AssignedTo: laforge at netfilter.org

I have a Bash script, currently run a couple times an hour from cron, that pulls data from an old Windows DB by rsync, converts it to SQL, and injects it into a MySQL DB for display in a LAMP-based app. (Make and Perl are also involved to minimize the number of tables touched and to clean up the SQL generated by Pxlib.) I'd like to add the ability to refresh the data immediately from the

I found a bug in Webmin when using Webmin with SELinux in Permissive Mode. The author of Webmin, asked me, in their bug tracker on SourceForge: > Ok, thanks ... I see the problem. Webmin opens the log file > /var/webmin/miniserv.error and connects STDERR to it, then runs other > commands like iptables, which inherits the STDERR file descriptor. > This is generally a good thing, as any

On 4 Oct 2017 3:13 pm, "Kenneth Porter" <shiva at sewingwitch.com> wrote: On 10/3/2017 8:14 PM, Phil Manuel wrote: > systemd-networkd doesn't use those files at all. > > If you look at the appropriate ifcfg files eg > /etc/sysconfig/network-scripts/ifcfg-em1 do you see IPV6_FAILURE_FATAL=no > ? > Where does systemd-networkd store its settings, then?

On Wed, Aug 26, 2020 at 2:54 PM Kenneth Porter <shiva at sewingwitch.com> wrote: > > Is there some way to see the RPM changelog entries for a prospective yum > update? Ideally I'd like to see just the entries that are newer than the > version of the package I already have. > > I saw a new kernel in today's yum-cron email and I'd like to know what it's >

On Mon, Jan 7, 2019 at 5:49 PM Kenneth Porter <shiva at sewingwitch.com> wrote: > On 1/6/2019 10:51 PM, Kaushal Shriyan wrote: > > the product does not support the latest CentOS Linux > > release 7.6.1810 (Core) version as of now. > > What product and what, specifically, about 7.6 does it not support? > Could you not just exclude the incompatible packages? You could

I was unable to build the whole Mumble system on CentOS but it's available for Fedora Development. I just wanted the server part on my headless server, and a static build is available from the Mumble project on Sourceforge. So I grabbed the Mumble SRPM from Fedora Development, the static build from Sourceforge, and stripped the spec file down to the minimum needed to just install the

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=15 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=15 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |INVALID ------- Additional Comments From

--On Monday, November 18, 2019 6:06 PM +0100 Leon Fauster via CentOS <centos at centos.org> wrote: > I dont see if it was mentioned; but "network scripts" are deprecated in > C8. So better start the mental migration today before the packages get > removed totally :-) What file holds all those settings, now? As a rule, I prefer to edit text files to finding the right