On 2016-12-12 10:04 AM, Dmitry Rozhkov wrote:
In case of the DROP policy in the INPUT chain a host using IPv6 still
might need to receive TCP packets for established connections, that is
to have the rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
in its INPUT chain of ip6tabl
In case of the DROP policy in the INPUT chain a host using IPv6 still
might need to receive TCP packets for established connections, that is
to have the rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
in its INPUT chain of ip6tables. For this feature to work the option
CONFIG_N
