similar to: [Bridge] IPv6 + ip6tables packet bridging?

Displaying 20 results from an estimated 1000 matches similar to: "[Bridge] IPv6 + ip6tables packet bridging?"

2007 Apr 18
1
[Bridge] [RELEASE] ebtables-brnf-3-vs-2.4.22 and ebtables-2-0-6
Hi, At http://sourceforge.net/projects/ebtables/ you can find the following new releases: ebtables-brnf-3-vs-2.4.22 Changes: - let iptables see VLAN tagged IP traffic - bugfix for queued packets that get mangled in userspace - ebt_among module (Grzegorz Borowiak) - ebt_limit module (Tom Marshall) The patch compiles but I've done no further tests, but I probably didn't screw up.
2007 Apr 18
2
[Bridge] Re: Policy match with a bridge
Tom Eastep wrote: > | Have you applied the ipsec+netfilter patches ? Without them, packets > are > | only seen encrypted in the OUTPUT chain. > | > Yes -- the ipsec+netfilter patches are applied. Here is the same test > with the bridge removed and the local ip address transfered to one of > the network cards: The problem is ipv4_sabotage_out in the briding code. It
2018 Oct 26
2
ip6tables on C7
On 10/26/18, Andrew Pearce <andrew at andew.org.uk> wrote: > On 2018-10-26 16:25, mark wrote: > I believe this should remove any ipv6 rules (rules and chains) > > ip6tables -F > ip6tables -X You might want to clear the other tables, too: for x in filter nat mangle raw security "" do ip6tables ${x:+-t $x} -F ip6tables ${x:+-t $x} -X done > You may need to
2018 Oct 26
2
ip6tables on C7
Working on a script, and to test, I need to shut down ip6tables temporarily. firewalld is running; is there any way to shut down *just* ip6tables? I tried installinf iptables-services, and did a systemctl stop ip6tables, and no joy. mark
2006 Feb 16
1
[Bug 451] New: ip6tables port range support in multiport modules is broken
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=451 Summary: ip6tables port range support in multiport modules is broken Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P2 Component: ip6tables
2008 Jan 28
2
boot slow at "Applying ip6tables firewall rules"
I have a fairly vanilla install of Centos5 on a desktop box (with a Broadcom NetXtreme BCM5752 Gigabit NIC). When booting, the boot process hangs at "Applying ip6tables firewall rules" for 30-60 seconds before proceeding, which is annoying. I have not tried to turn off ipv6 networking. I guess I could, but is this slowness to be expected? Is it waiting for some ipv6 response?
2010 Jun 01
2
how to install ip6tables?
Hi all, I'm sorry if this is a quick dumb one, but how does one install ip6tables? Running yum install ip6tables doesn't return anything, even with the rpmforge repository enabled: root at mercury:[~]$ yum install -y ip6tables Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: mirrors.netdna.com * base: pubmirrors.reflected.net * extras: mirror.vcu.edu *
2007 Nov 15
3
ip6tables can't initialize ip6tables table filter
Hi list! I am configuring Shorewall on a Xen domU virtual machine. I configured only the zones, interfaces, rules, policy and shorewall.conf files. When I run "shorewall check" there aren''t no problems, but when I try to start shorewall I get this error a lot of time: iptables: Invalid argument ip6tables v1.3.6: can''t initialize ip6tables table `filter'': Bad
2007 Apr 18
2
[Bridge] Bridge Problem with RedHat and iptables
Hello, I am running into a strange problem here. I wrote you a mail earlier also regarding this. 1. I am trying to run the bridge mode over Redhat 7.3 (kernel 2.4.18). I tried the latest version of brdige mode utility and also I tried version 0.94 as well. But whenever I run the brdige mode on this kernel - the kernel goes panic saying "aiee - killing interrupt handler". Now I am in a
2009 Dec 01
2
ip6tables state matching
Hi, I am having problems adding a stateful inspection rule with ip6tables on CentOS4.5. #ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT That's what I am trying to do, but #ip6tables: No chain/target/match by that name. I have been googling but unable to solve the problem. any ideas?
2007 Apr 18
2
[Bridge] Can bridge be 'seen' by ip6tables?
Hello! Recently,I¡¯m doing a security project based upon ipv6.I have built up a bridge to support a transparent firewall.(my system is Fedora Core 2,kernel 2.6.5).In this system ,the version of the iptables is 1.2.7,which does not support ipv6(I have tried it).Thus,I download a new version and test it. The iptables functions in bridge mode,but the ipv6 doesn't work well.In the
2012 Aug 01
1
centos 4.9 + ip6tables
Hi I have an old server running centos 4.9 and recently I added ipv6 connectivity to it, however I wanted to use iptables to restrict access like im doing over ipv4. I tried using yum to install ip6tables but that's not available on the repo. I'm trying to figure out what my options are, how do you guys recommend I go about installing ip6tables. I guess I could upgrade the server from 4.9
2012 Nov 21
3
ip6tables REJECT target 3s timeout
Hi, I am trying to get ipv6 firewall running. I did a very simple ip6tables rules and noticed very long running yum updates. I think that happened because firewall is dropping outgoing packets to port 80. Well, I thought to mitigate the issue and changed outgoing from drop to reject. Now I try manually # strace telnet 2a02:180:ffff:1::551f:b966 80 ... connect(3, {sa_family=AF_INET6,
2011 Jan 11
1
IPv6, HE tunnel and ip6tables problems
CentOS 5.5, fully patched. I have a HE tunnel (tunnelbroker.net) IPv6 tunnel. This works pretty well and is simple to setup. Everything works fine. Until I try to set up an ip6tables firewall. eg if I try to view https://dnssec.surfnet.nl/?p=464 then the page never displays and the firewall shows kernel: IN=sit1 OUT=eth0 SRC=2001:0610:0001:40cd:0145:0100:0186:0033 DST=my.machine LEN=80 TC=0
2017 Aug 08
1
CentOS6, IP6tables, Routing, TPROXY (squid34 epel package)
Hello, how do achieve this: how must files /etc/sysconfig/network-scripts/ look like to be the same as entering the following two commands ... ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local ::/0 dev lo table 100 is there the localhost device lo correct, or does it have to be br0? e.g. a file route-br0 with 192.168.1.0/24 via 10.10.10.1 dev br0 does the routing to the
2007 Apr 18
4
[Bridge] [PATCH/RFC] Let {ip, arp}tables "see" bridged VLAN tagged {I, AR}P packets
Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This
2024 Apr 29
3
[Bug 1751] New: ip6tables-restore doesn't restore counters
https://bugzilla.netfilter.org/show_bug.cgi?id=1751 Bug ID: 1751 Summary: ip6tables-restore doesn't restore counters Product: iptables Version: 1.8.x Hardware: x86_64 OS: Ubuntu Status: NEW Severity: minor Priority: P5 Component: iptables-restore Assignee: netfilter-buglog
2007 Apr 18
1
[Bridge] Bridge not bridging NFS fragments?
Hi, please Cc: all replies, I'm not subscribed I seem to have troubles with my Linux bridge (2.6.8-rc2), which is apparently not bridging UDP fragments (NFS) when passing packets through iptables, but I do not see in the iptables stats where the packets are dropped. Policies for INPUT, FORWARD, OUTPUT are all "ACCEPT", and I grepped for all REJECT and DROP rules in iptables -nvL,
2004 Aug 28
4
RE: Promisc routing
> From: "Roy" <roy@xxx.lt> > > I want to set interface to promisc mode and do all routing with iptables. > Is it somehow possible? as I see now kernel do not pass everything to > ipables. > > Basicaly I want to ignore ethernet addess and use only ip for routing. > > I suppose this may require writting special kernel driver or it > is possible > in
2004 Mar 29
6
bridging shaper
Hello, I have a transparent bridge/firewall setup using linux-2.6.3. My iptables commands for the firewall seem to work fine, but my tc traffic shaper rules dont. The tc rules seem to apply ok, but have no effect. Here are my tc rules. Basically im just trying to limit each IP in my internal /24 to 512k of bandwidth in and out. DEV=eth0 tc qdisc del dev $DEV root tc qdisc add dev $DEV