Your message dated Mon, 15 Aug 2011 06:08:50 +0100
with message-id <[email protected]>
and subject line Re: Bug#637844: iptables-persistent: ignores ipv6 (config file
attached has ad-hoc fix)
has caused the Debian Bug report #637844,
regarding iptables-persistent: ignores ipv6 (config file attached has ad-hoc
fix)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
637844: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637844
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: iptables-persistent
Version: 0.0.20100801
Severity: normal
Tags: patch ipv6
Seems an odd omission at this point in time not to provide the capability
to trigger ip6tables-restore in this package. It's not a formal patch, but
reportbug has attached /etc/init.d/iptables-persistent with the simple
change I've added. A full fix probably needs to add a few words in the
description and docs as well.
Thanks!
-- System Information:
Debian Release: 6.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i586)
Kernel: Linux 2.6.32-5-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iptables-persistent depends on:
ii iptables 1.4.8-3 administration tools for packet fi
iptables-persistent recommends no packages.
iptables-persistent suggests no packages.
-- Configuration Files:
/etc/init.d/iptables-persistent changed:
case "$1" in
start)
    if [ -f /etc/iptables/rules ]; then
        iptables-restore </etc/iptables/rules
    fi
    if [ -f /etc/iptables/rules6 ]; then
        ip6tables-restore </etc/iptables/rules6
    fi
    ;;
stop|force-stop|restart|force-reload|status)
    ;;
*)
    echo "Usage: $0 {start|stop|force-stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac
exit 0
/etc/iptables/rules changed:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:drop-and-log-it - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 172.31.0.0/16 -i eth0 -j ACCEPT
-A INPUT -s 172.31.0.0/16 -i eth1 -j drop-and-log-it
-A INPUT -d 69.17.22.215/32 -i eth1 -j ACCEPT
-A INPUT -d 69.17.22.215/32 -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j drop-and-log-it
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -m mark --mark 0x1 -j ACCEPT
-A FORWARD -j drop-and-log-it
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 69.17.22.215/32 -d 172.31.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -s 172.31.1.1/32 -d 172.31.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -d 172.31.0.0/16 -o eth1 -j drop-and-log-it
-A OUTPUT -s 69.17.22.215/32 -o eth1 -j ACCEPT
-A OUTPUT -j drop-and-log-it
-A drop-and-log-it -j LOG --log-level 6
-A drop-and-log-it -j REJECT --reject-with icmp-port-unreachable
COMMIT
*mangle
:PREROUTING ACCEPT [1665:593487]
:INPUT ACCEPT [176:13335]
:FORWARD ACCEPT [1489:580152]
:OUTPUT ACCEPT [147:16305]
:POSTROUTING ACCEPT [1636:596457]
-A PREROUTING -d 69.17.22.215/32 -i eth1 -p tcp -m multiport --dports 443,444,6881:6889 -j MARK --set-xmark 0x1/0xffffffff
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:PREROUTING ACCEPT [467422:31286127]
:POSTROUTING ACCEPT [3083:200516]
:OUTPUT ACCEPT [5572:392319]
-A PREROUTING -d 69.17.22.215/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.31.1.5:22
-A PREROUTING -d 69.17.22.215/32 -p tcp -m tcp --dport 444 -j DNAT --to-destination 172.31.1.23:22
-A PREROUTING -d 69.17.22.215/32 -p tcp -m tcp --dport 6881:6889 -j DNAT --to-destination 172.31.1.5:6881-6889
-A POSTROUTING -o eth1 -j SNAT --to-source 69.17.22.215
COMMIT
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 0.0.20101230
The version in sid has this functionality, but I won't be backporting it to
stable at this stage. Contact the backports team if you're interested in
doing this work.
--
Jonathan Wiltshire [email protected]
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
--- End Message ---
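
The gap this report describes, an IPv4 ruleset restored at boot while nothing is loaded for IPv6, can be checked for directly. The script below is an added example, not part of the original messages or of the package; the file names rules and rules6 come from the init script in the report, and the function names and sample directory are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): audit an iptables-persistent style
# rules directory. File names "rules" and "rules6" are those used by the init
# script in the report.

# Print the built-in filter chains that a file in iptables-save format ($1)
# leaves at policy ACCEPT. Chains the file never declares keep the kernel
# default, ACCEPT (assumption: nothing else loads rules at boot).
accept_policies() {
    awk '
        BEGIN { n = split("INPUT FORWARD OUTPUT", order, " ")
                for (i = 1; i <= n; i++) policy[order[i]] = "ACCEPT" }
        /^\*/ { in_filter = ($1 == "*filter") }
        in_filter && /^:/ { c = substr($1, 2); if (c in policy) policy[c] = $2 }
        END   { for (i = 1; i <= n; i++)
                    if (policy[order[i]] == "ACCEPT") printf "%s ", order[i] }
    ' "$1"
}

# Check both address families; exit status is the number of findings.
audit_rules_dir() {
    dir=$1
    findings=0
    for f in rules rules6; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $f: nothing restored for this family at boot"
            findings=$((findings + 1))
        elif open=$(accept_policies "$dir/$f"); [ -n "$open" ]; then
            echo "OPEN $f: filter policy ACCEPT on: $open"
            findings=$((findings + 1))
        else
            echo "OK $f"
        fi
    done
    return "$findings"
}

# Constructed sample: IPv4 default-deny as in the report, no IPv6 file yet.
demo_dir=$(mktemp -d)
printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
    ':OUTPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' 'COMMIT' \
    '*mangle' ':INPUT ACCEPT [176:13335]' 'COMMIT' > "$demo_dir/rules"
audit_rules_dir "$demo_dir" || true
```

Run against /etc/iptables on a real host, a MISSING rules6 line means the IPv6 filter table stays at its default ACCEPT policy after boot even though the IPv4 side is default-deny.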