Hi Tom,

Here is the info you asked for.

1. Start shorewall6

root@ubuntu:/etc/shorewall6# shorewall6 start
Compiling...
Processing /etc/shorewall6/shorewall6.conf...
Loading Modules...
Compiling /etc/shorewall6/zones...
Compiling /etc/shorewall6/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /usr/share/shorewall6/action.Drop for chain Drop...
Compiling /usr/share/shorewall6/action.AllowICMPs for chain AllowICMPs...
Compiling /usr/share/shorewall6/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
Compiling /usr/share/shorewall6/action.Reject for chain Reject...
Compiling /etc/shorewall6/policy...
Compiling TCP Flags filtering...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall6/rules...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating ip6tables-restore input...
Shorewall configuration compiled to /var/lib/shorewall6/.start
Starting Shorewall6....
Initializing...
Setting up Traffic Control...
Preparing ip6tables-restore input...
Running /sbin/ip6tables-restore...
IPv6 Forwarding Disabled!
done.

2. Ping the destination IP, it is OK

root@ubuntu:/etc/shorewall6# ping6 2001:4998:c:401::c:9101
PING 2001:4998:c:401::c:9101(2001:4998:c:401::c:9101) 56 data bytes
64 bytes from 2001:4998:c:401::c:9101: icmp_seq=1 ttl=48 time=87.1 ms
64 bytes from 2001:4998:c:401::c:9101: icmp_seq=2 ttl=48 time=86.1 ms
64 bytes from 2001:4998:c:401::c:9101: icmp_seq=3 ttl=48 time=83.9 ms
64 bytes from 2001:4998:c:401::c:9101: icmp_seq=4 ttl=48 time=86.1 ms

3. Telnet to the HTTP port. The TCP connection timed out eventually. But I expect the TCP connection refused immediately.

root@ubuntu:/etc/shorewall6# telnet 2001:4998:c:401::c:9101 80
Trying 2001:4998:c:401::c:9101...
telnet: Unable to connect to remote host: Connection timed out

4. The output from "root@ubuntu:/etc/shorewall6# shorewall6 dump -l -x -m > status.txt" is attached.

Bin

On Wed, Sep 26, 2012 at 2:38 PM, Tom Eastep <[email protected]> wrote:
> On 09/26/2012 02:08 PM, Bin Wang wrote:
>> Hi All,
>>
>> I am trying to use shorewall6 to DROP/REJECT TCP/IPv6 traffic. I am
>> running shorewall6 4.4.26.1 with one interface configuration on Ubuntu
>> 12.04. What I found was that DROP works correctly, but REJECT does
>> not.
>>
>> I have the following in /etc/shorewall6/policy
>>
>> #SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
>> $FW       net    REJECT
>> net       $FW    DROP     info
>> net       all    DROP     info
>>
>> # The FOLLOWING POLICY MUST BE LAST
>> all       all    REJECT   info
>>
>> Then when I try to TCP connect to a host, I don't get the connection
>> refused immediately as shorewall does for TCP/IPv4. But the connection
>> is trying until it is timed out later.
>>
>> Does anybody have any idea why I am getting this and how I make REJECT
>> work as expected for TCP/IPv6.
>>
>> Your help is highly appreciated.
>
> Please forward as a compressed attachment the output of 'shorewall6
> dump' and explain the connection you were attempting to make which you
> felt should have been rejected (use IP addresses rather than DNS names).
>
> Thanks,
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> ------------------------------------------------------------------------------
> How fast is your code?
> 3 out of 4 devs don't know how their code performs in production.
> Find out how slow your code is with AppDynamics Lite.
> http://ad.doubleclick.net/clk;262219672;13503038;z?
> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

status.txt.gz
Description: GNU Zip compressed data
