Lionel Elie Mamane wrote:
On Wed, Sep 07, 2005 at 07:22:19PM +1200, Lee Begg wrote:
On Wed, 07 Sep 2005 17:35, [EMAIL PROTECTED] wrote:
For example:
If you used iptables to block all sorts of ports, but you still had
ipv6 enabled on a nic, could those ports still be accessed via an ipv6
travelling packet?
Yes, but only if you have a "real" ipv6 address on that nic (ie,
site or global address). To block the ports for ipv6, use the same
commands using ip6tables instead of iptables - it should be that
easy.
Should, but isn't. There's no stateful filtering yet.
True, I was hoping to see it in the 6.13 kernel, but it still isn't
there yet. Does anyone have any idea when it might get put in? I've
researched it, and it appears that there is an effort to rewrite the
stateful filtering framework to make it more modular so the same code
could be used for IPv4, IPv6 and other protocols.
I think that's great, but IPv6 has been around for a long time now, and
anything, even a temporary port of the IPv4 code would be better than
nothing.
Andre
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
