similar to: [Bridge] IPv6 + ip6tables packet bridging?

Hi, At http://sourceforge.net/projects/ebtables/ you can find the following new releases: ebtables-brnf-3-vs-2.4.22 Changes: - let iptables see VLAN tagged IP traffic - bugfix for queued packets that get mangled in userspace - ebt_among module (Grzegorz Borowiak) - ebt_limit module (Tom Marshall) The patch compiles but I've done no further tests, but I probably didn't screw up.

Tom Eastep wrote: > | Have you applied the ipsec+netfilter patches ? Without them, packets > are > | only seen encrypted in the OUTPUT chain. > | > Yes -- the ipsec+netfilter patches are applied. Here is the same test > with the bridge removed and the local ip address transfered to one of > the network cards: The problem is ipv4_sabotage_out in the briding code. It

On 10/26/18, Andrew Pearce <andrew at andew.org.uk> wrote: > On 2018-10-26 16:25, mark wrote: > I believe this should remove any ipv6 rules (rules and chains) > > ip6tables -F > ip6tables -X You might want to clear the other tables, too: for x in filter nat mangle raw security "" do ip6tables ${x:+-t $x} -F ip6tables ${x:+-t $x} -X done > You may need to

Working on a script, and to test, I need to shut down ip6tables temporarily. firewalld is running; is there any way to shut down *just* ip6tables? I tried installinf iptables-services, and did a systemctl stop ip6tables, and no joy. mark

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=451 Summary: ip6tables port range support in multiport modules is broken Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P2 Component: ip6tables

I have a fairly vanilla install of Centos5 on a desktop box (with a Broadcom NetXtreme BCM5752 Gigabit NIC). When booting, the boot process hangs at "Applying ip6tables firewall rules" for 30-60 seconds before proceeding, which is annoying. I have not tried to turn off ipv6 networking. I guess I could, but is this slowness to be expected? Is it waiting for some ipv6 response?

Hi all, I'm sorry if this is a quick dumb one, but how does one install ip6tables? Running yum install ip6tables doesn't return anything, even with the rpmforge repository enabled: root at mercury:[~]$ yum install -y ip6tables Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: mirrors.netdna.com * base: pubmirrors.reflected.net * extras: mirror.vcu.edu *

Hi list! I am configuring Shorewall on a Xen domU virtual machine. I configured only the zones, interfaces, rules, policy and shorewall.conf files. When I run "shorewall check" there aren''t no problems, but when I try to start shorewall I get this error a lot of time: iptables: Invalid argument ip6tables v1.3.6: can''t initialize ip6tables table `filter'': Bad

Hello, I am running into a strange problem here. I wrote you a mail earlier also regarding this. 1. I am trying to run the bridge mode over Redhat 7.3 (kernel 2.4.18). I tried the latest version of brdige mode utility and also I tried version 0.94 as well. But whenever I run the brdige mode on this kernel - the kernel goes panic saying "aiee - killing interrupt handler". Now I am in a

Hi, I am having problems adding a stateful inspection rule with ip6tables on CentOS4.5. #ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT That's what I am trying to do, but #ip6tables: No chain/target/match by that name. I have been googling but unable to solve the problem. any ideas?

Hello! Recently,I¡¯m doing a security project based upon ipv6.I have built up a bridge to support a transparent firewall.(my system is Fedora Core 2,kernel 2.6.5).In this system ,the version of the iptables is 1.2.7,which does not support ipv6(I have tried it).Thus,I download a new version and test it. The iptables functions in bridge mode,but the ipv6 doesn't work well.In the

Hi I have an old server running centos 4.9 and recently I added ipv6 connectivity to it, however I wanted to use iptables to restrict access like im doing over ipv4. I tried using yum to install ip6tables but that's not available on the repo. I'm trying to figure out what my options are, how do you guys recommend I go about installing ip6tables. I guess I could upgrade the server from 4.9

Hi, I am trying to get ipv6 firewall running. I did a very simple ip6tables rules and noticed very long running yum updates. I think that happened because firewall is dropping outgoing packets to port 80. Well, I thought to mitigate the issue and changed outgoing from drop to reject. Now I try manually # strace telnet 2a02:180:ffff:1::551f:b966 80 ... connect(3, {sa_family=AF_INET6,

CentOS 5.5, fully patched. I have a HE tunnel (tunnelbroker.net) IPv6 tunnel. This works pretty well and is simple to setup. Everything works fine. Until I try to set up an ip6tables firewall. eg if I try to view https://dnssec.surfnet.nl/?p=464 then the page never displays and the firewall shows kernel: IN=sit1 OUT=eth0 SRC=2001:0610:0001:40cd:0145:0100:0186:0033 DST=my.machine LEN=80 TC=0

Hello, how do achieve this: how must files /etc/sysconfig/network-scripts/ look like to be the same as entering the following two commands ... ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local ::/0 dev lo table 100 is there the localhost device lo correct, or does it have to be br0? e.g. a file route-br0 with 192.168.1.0/24 via 10.10.10.1 dev br0 does the routing to the

Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This

Hi, please Cc: all replies, I'm not subscribed I seem to have troubles with my Linux bridge (2.6.8-rc2), which is apparently not bridging UDP fragments (NFS) when passing packets through iptables, but I do not see in the iptables stats where the packets are dropped. Policies for INPUT, FORWARD, OUTPUT are all "ACCEPT", and I grepped for all REJECT and DROP rules in iptables -nvL,

> From: "Roy" <roy@xxx.lt> > > I want to set interface to promisc mode and do all routing with iptables. > Is it somehow possible? as I see now kernel do not pass everything to > ipables. > > Basicaly I want to ignore ethernet addess and use only ip for routing. > > I suppose this may require writting special kernel driver or it > is possible > in

Hello, I have a transparent bridge/firewall setup using linux-2.6.3. My iptables commands for the firewall seem to work fine, but my tc traffic shaper rules dont. The tc rules seem to apply ok, but have no effect. Here are my tc rules. Basically im just trying to limit each IP in my internal /24 to 512k of bandwidth in and out. DEV=eth0 tc qdisc del dev $DEV root tc qdisc add dev $DEV

http://bugzilla.netfilter.org/show_bug.cgi?id=751 Summary: IPv6 bridging bug Product: iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P3 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: david at