similar to: Is it possible to block ipv6 auto configuration entering the tinc tunnel?

Hi thank you for looking in to this. I haven't tried it before now. I cant get it to work. after running the commands you suggest I get this when I run ip6tables --list-rules root at JOTVPN:~# ip6tables --list-rules -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP -A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j

hi It was not working when i applied the rules on the vpn card. But I wondered if maybe bridging of vpn and eth0 was messing this up. I thought it was enough to only apply it to the vpn card root at JOTVPN:~# brctl show bridge name bridge id STP enabled    interfaces bridge 8000.000c29638a7e no           eth0                                                                   vpn so I tried the

On Sat, Aug 27, 2016 at 11:41:12PM +0000, Håvard Rabbe wrote: > Im using tinc to bridge networks together. And im using ebtables to block dhcp traffic for ipv4 on each node in tinc. One of my nodes have recently began using ipv6. The isp is using auto configuration to give out ipv6 addresses. The problem is that every computer in my bridged network is getting ipv6 addresses from that node.

On Wed, Feb 22, 2017 at 08:51:49PM +0000, Håvard Rabbe wrote: > thank you for looking in to this. I haven't tried it before now. I cant get it to work. > > after running the commands you suggest I get this when I run ip6tables --list-rules > > root at JOTVPN:~# ip6tables --list-rules > -P INPUT ACCEPT > -P FORWARD ACCEPT > -P OUTPUT ACCEPT > -A FORWARD -i vpn -p

On 13/2/19 12:28 am, Tomasz Chmielewski wrote: > On 2019-02-12 22:12, Håvard Rabbe wrote: >> Hi >> Im running tinc 1.1pre17. My problem is that my tinc nodes >> occasionally crashes. When it crashes the tinc node is not running >> anymore. Time between failure can be sometimes days or weeks. >> >> Do anyone here have a proposal for how to debug and get this

Hi Im running tinc 1.1pre17. My problem is that my tinc nodes occasionally crashes. When it crashes the tinc node is not running anymore. Time between failure can be sometimes days or weeks. Do anyone here have a proposal for how to debug and get this problem solved? Best regards, Håvard Rabbe

https://bugzilla.netfilter.org/show_bug.cgi?id=1468 Bug ID: 1468 Summary: [netdev] dropping ether type vlan frames drops ICMPv6 type 134 Product: nftables Version: unspecified Hardware: other OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.netfilter.org/show_bug.cgi?id=926 Summary: icmp: ICMPv6 types are not supported Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo at netfilter.org ReportedBy:

https://bugzilla.netfilter.org/show_bug.cgi?id=851 Summary: IPv6 SNAT target with --random doesn't work Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: normal Priority: P5 Component: NAT AssignedTo: netfilter-buglog at lists.netfilter.org

I'm looking for a way to add some (Linux) participants into my tinc network, but I want to protect them from accidentally binding a port so that it's accessible via tinc. For example, `nc -l` by default listens to all interfaces. Similarly, some software (I think mongodb < 2.6 was among those) bind to all interfaces AND allow unauthenticated access that can do remote code execution,

https://bugzilla.netfilter.org/show_bug.cgi?id=1128 Bug ID: 1128 Summary: ip6_tables connmark or connlabel never matches Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: SuSE Linux Status: NEW Severity: normal Priority: P5 Component: ip6_tables (kernel)

Hi I would like to add rules into the iptables of the Hosted Engine VM in Ovirt. the version is oVirt Engine Version: 4.1.1.8-1.el7.centos I have tried using the normal process for iptables (iptables-save etc), but it seems that the file /etc/sysconfig/iptables this is ignored in the Ovirt Engine VM. How can I add permanent rules into the Engine VM? Kind regards Andrew

http://bugzilla.netfilter.org/show_bug.cgi?id=567 Summary: Local multicast ICMPv6 and --state INVALID Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: Ubuntu Status: NEW Severity: blocker Priority: P1 Component: unknown AssignedTo: laforge at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1412 Bug ID: 1412 Summary: ip6tables-nft not accepting "icmp" as shorthand for "icmpv6" Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: minor Priority: P5

with ipv6, you just allow the specific ports destined to the specific local machine(s) in on your WAN side, they don't need translating. same sort of rule as if you had a internet-facing service running on the routing system On Tue, May 26, 2020 at 11:55 AM Kenneth Porter <shiva at sewingwitch.com> wrote: > I finally got an ISP connection with working IPv6 and now I need to add

As 2.2.0 is nearing release, I''ve begun to think about what I''ll do for 2.3 and I think that it is time for Shorewall to add support for IPV6. Because of parsing ambiguities, the need to maintain upward compatibility with both Shorewall and 6Wall, and different available functionality in IPV4 and IPV6 Netfilter, I believe that it is going to be necessary for some files to be

CentOS 5.5, fully patched. I have a HE tunnel (tunnelbroker.net) IPv6 tunnel. This works pretty well and is simple to setup. Everything works fine. Until I try to set up an ip6tables firewall. eg if I try to view https://dnssec.surfnet.nl/?p=464 then the page never displays and the firewall shows kernel: IN=sit1 OUT=eth0 SRC=2001:0610:0001:40cd:0145:0100:0186:0033 DST=my.machine LEN=80 TC=0

http://bugzilla.netfilter.org/show_bug.cgi?id=766 Summary: Segmentation Fault using Hop Limit and ICMPV6-TYPE in same rule Product: iptables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: ip6tables

Hi! I have som problems with my vpn tunnel. I have 6 nodes in the network. Three of them is running tinc 1.1pre5 Three of them is running tinc 1.0.19 I also have vlan tagging between the nodes running tinc 1.1pre5 The problem is that get a bunch of errors in the log like the messages below (logs is attached in the email): Got late or replayed packet from JOTPOS ("internal ip" port

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=508 Summary: ip6tables conntrack marks all incoming packets as INVALID Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: Gentoo Status: NEW Severity: normal Priority: P2 Component: ip_conntrack