[gentoo-user] ip6tables, state matching
Since gentoo-sources-2.6.16-r3 it should be possible to use ip6tables -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT That's what I am trying to do, but ... ~ # ip6tables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT ip6tables v1.3.4: Couldn't load match `state':/lib/iptables/libip6t_state.so: cannot open shared object file: No such file or directory Try `ip6tables -h' or 'ip6tables --help' for more information. Could someone please point me to the right kernel option to search for? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ip6tables, state matching
On Monday 01 May 2006 17:02, Edwin Kapauni wrote: ip6tables -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT That's what I am trying to do, but ... ~ # ip6tables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT ip6tables v1.3.4: Couldn't load match `state':/lib/iptables/libip6t_state.so: cannot open shared object file: No such file or directory Try `ip6tables -h' or 'ip6tables --help' for more information. Could someone please point me to the right kernel option to search for? ip6tables doesn't do that. It can however match, or not match, on the syn flag, used to initiate a tcp connection. Look for the --syn option. -- Mike Williams -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ip6tables, state matching
Mike Williams [EMAIL PROTECTED] writes: ip6tables doesn't do that. It can however match, or not match, on the syn flag, used to initiate a tcp connection. Look for the --syn option. ip6tables can do that, but I think it needs version 1.3.5 which is in ~arch and kernel = 2.6.16 (with CONFIG_NF_CONNTRACK_IPV6=y/m) -- gentoo-user@gentoo.org mailing list
