Package: linux-2.6 Version: 2.6.32-30 Severity: normal Tags: upstream ipv6
I tested this only by filtering bridged traffic. How to repeat: 1. Set the IPv6 FORWARD default policy to DROP. 2. Add this rule: ip6tables -A FORWARD -j ACCEPT 3. This way, the packets (neighbor discovery, ICMP ping ...) are not dropped. 4. We delete the previous rule and add this one: ip6tables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT 5. The IPv6 packets, which should be forwarded are now dropped. For the record: if I test this with Lenny, the packets are forwarded if I match INVALID packets and accept them. In Squeeze even this doesn't seem to work. -- Package-specific info: ** Version: Linux version 2.6.32-5-amd64 (Debian 2.6.32-30) ([email protected]) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Wed Jan 12 03:40:32 UTC 2011 ** Command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=588f1832-95bb-4ea9-983e-f7fd257ddf70 ro quiet Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) -- debconf information: linux-image-2.6.32-5-amd64/postinst/ignoring-do-bootloader-2.6.32-5-amd64: linux-image-2.6.32-5-amd64/postinst/depmod-error-initrd-2.6.32-5-amd64: false linux-image-2.6.32-5-amd64/prerm/removing-running-kernel-2.6.32-5-amd64: true linux-image-2.6.32-5-amd64/postinst/missing-firmware-2.6.32-5-amd64: -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
