Bug#641517: iptables: ip6tables don't work

2012-10-17 Thread Jan Engelhardt
On Wednesday 2012-10-17 14:40, Filip Valder wrote: Hi. Sorry for my misknowledge but I think that it could be an implicit rule. Why should a user care about this IPv6 ARP? On the other side there are surely thousands of reasons for NOT doing it... IPv6 Neighbor Discovery is used to ask the local

Bug#641517: iptables: ip6tables don't work

2012-10-17 Thread Jan Engelhardt
On Wednesday 2012-10-17 14:51, Filip Valder wrote: I do understand and that's what I mean. It's necessary for the basic functionality so why should it be explicitly set by a user? Users have different requirements. Not all possible IPv6 scenarios use NDISC. The kernel gives you tools, how you

Bug#641517: iptables: ip6tables don't work

2012-10-10 Thread Jan Engelhardt
On Wednesday 2012-10-10 08:21, Filip Valder wrote: Hi. The 2 lines above the line you mention preserve SYN/SYN-ACK + ESTABLISHED states for tcp/22 connection. First matching rule wins, so where is the problem? As I said, you need ICMPv6. Without it, you won't even get SSH packets. Basic

Bug#641517: iptables: ip6tables don't work

2012-09-28 Thread Jan Engelhardt
The SSH traffic (as an example) is dropped, no other rules (snipped) match even if they shall match.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp