similar to: [Bridge] Can bridge be 'seen' by ip6tables?

The network-bridge script fails when setting a few sysctls which are only available if ebtables is present in the host kernel. Fix by ignoring the return value of the sysctl command. Signed-off-by: Avi Kivity <avi@qumranet.com> Index: xen/tools/examples/network-bridge =================================================================== --- xen/tools/examples/network-bridge (revision 991)

Hi all, I order to reach maximum performance on my centos kvm hosts I have use these params: - On /etc/grub.conf: kernel /vmlinuz-2.6.18-164.11.1.el5 ro root=LABEL=/ elevator=deadline quiet - On sysctl.conf # Special network params net.core.rmem_default = 8388608 net.core.wmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216

http://bugzilla.netfilter.org/show_bug.cgi?id=751 Summary: IPv6 bridging bug Product: iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P3 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: david at

I have a tricky problem. I''m going to use Augeas, like here http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas#/etc/sysctl.conf to maintain sysctl.conf. However, since iptables is already disabled, when I add more lines to sysctl.conf with augeas and run sysctl -p, the following lines (which are already there) cause a failure. # Disable netfilter on bridges.

On 10/26/18, Andrew Pearce <andrew at andew.org.uk> wrote: > On 2018-10-26 16:25, mark wrote: > I believe this should remove any ipv6 rules (rules and chains) > > ip6tables -F > ip6tables -X You might want to clear the other tables, too: for x in filter nat mangle raw security "" do ip6tables ${x:+-t $x} -F ip6tables ${x:+-t $x} -X done > You may need to

Hello, I'm just wondering why I can't manage my network interfaces through libvirt when the following kernel parameters are turned on: net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-arptables Is it a bug or by design? If the latter, could someone explain me premises of such decision? I'm aware of security implications of mixing

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=451 Summary: ip6tables port range support in multiport modules is broken Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P2 Component: ip6tables

Working on a script, and to test, I need to shut down ip6tables temporarily. firewalld is running; is there any way to shut down *just* ip6tables? I tried installinf iptables-services, and did a systemctl stop ip6tables, and no joy. mark

Hi all, I'm sorry if this is a quick dumb one, but how does one install ip6tables? Running yum install ip6tables doesn't return anything, even with the rpmforge repository enabled: root at mercury:[~]$ yum install -y ip6tables Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: mirrors.netdna.com * base: pubmirrors.reflected.net * extras: mirror.vcu.edu *

Hi, I am having problems adding a stateful inspection rule with ip6tables on CentOS4.5. #ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT That's what I am trying to do, but #ip6tables: No chain/target/match by that name. I have been googling but unable to solve the problem. any ideas?

Hi list! I am configuring Shorewall on a Xen domU virtual machine. I configured only the zones, interfaces, rules, policy and shorewall.conf files. When I run "shorewall check" there aren''t no problems, but when I try to start shorewall I get this error a lot of time: iptables: Invalid argument ip6tables v1.3.6: can''t initialize ip6tables table `filter'': Bad

Hi I have an old server running centos 4.9 and recently I added ipv6 connectivity to it, however I wanted to use iptables to restrict access like im doing over ipv4. I tried using yum to install ip6tables but that's not available on the repo. I'm trying to figure out what my options are, how do you guys recommend I go about installing ip6tables. I guess I could upgrade the server from 4.9

CentOS 5.5, fully patched. I have a HE tunnel (tunnelbroker.net) IPv6 tunnel. This works pretty well and is simple to setup. Everything works fine. Until I try to set up an ip6tables firewall. eg if I try to view https://dnssec.surfnet.nl/?p=464 then the page never displays and the firewall shows kernel: IN=sit1 OUT=eth0 SRC=2001:0610:0001:40cd:0145:0100:0186:0033 DST=my.machine LEN=80 TC=0

I have a fairly vanilla install of Centos5 on a desktop box (with a Broadcom NetXtreme BCM5752 Gigabit NIC). When booting, the boot process hangs at "Applying ip6tables firewall rules" for 30-60 seconds before proceeding, which is annoying. I have not tried to turn off ipv6 networking. I guess I could, but is this slowness to be expected? Is it waiting for some ipv6 response?

https://bugzilla.netfilter.org/show_bug.cgi?id=1751 Bug ID: 1751 Summary: ip6tables-restore doesn't restore counters Product: iptables Version: 1.8.x Hardware: x86_64 OS: Ubuntu Status: NEW Severity: minor Priority: P5 Component: iptables-restore Assignee: netfilter-buglog

Hiyas, Is there a patch for the 2.4.x series to do ip6tables bridging of IPv6 packets? I was unable to go to 2.6 due to issues with large packets so still living in 2.4 land. If there are no patches, any ideas on what gets patched in IPv4 to allow this bridging? -Scott __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages!

Hi, I am trying to get ipv6 firewall running. I did a very simple ip6tables rules and noticed very long running yum updates. I think that happened because firewall is dropping outgoing packets to port 80. Well, I thought to mitigate the issue and changed outgoing from drop to reject. Now I try manually # strace telnet 2a02:180:ffff:1::551f:b966 80 ... connect(3, {sa_family=AF_INET6,

Hello, how do achieve this: how must files /etc/sysconfig/network-scripts/ look like to be the same as entering the following two commands ... ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local ::/0 dev lo table 100 is there the localhost device lo correct, or does it have to be br0? e.g. a file route-br0 with 192.168.1.0/24 via 10.10.10.1 dev br0 does the routing to the

Hi all, i have a xen 4.3 installation and would like to have a bridge bond szenario: *** eth0 eth1 | | bond0 | br0 | vif = [ ''bridge=br0,mac=xx:xx:xx:xx:xx:xx'' ] *** With the network script in debian wheezy *** /etc/network/interfaces auto bond0 iface bond0 inet manual slaves eth0 eth1

dear All, I'm facing this routing problem, the setup is actualy part of ltsp, but I think this problem is Centos-specific. The server is a Dell Poweredge R210. The install is standard 6.4, updated. I have one nic facing the public internet: vi /etc/sysconfig/network-scripts/ifcfg-em1 DEVICE=em1 BOOTPROTO=none HWADDR=d4:ae:52:c1:28:2b NM_CONTROLLED=no ONBOOT=yes TYPE=Ethernet