toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
Posted: Wed May 27, 2015 8:01 pm Post subject: [solved] ip6tables at an ipv4 client ?
Well, after my server I switched my desktop to use ipv6 too. The following works fine at my ipv6-able server:
Code: |
/sbin/ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
but at my desktop I do get:
Code: |
ip6tables: Protocol wrong type for socket.
|
Well, my desktop does not have an ipv6 from my ISP - is that the reason?
FWIW all other rules work fine:
Code: |
t44 ~ # cat /etc/conf.d/ipv6-rules.sh
#!/bin/sh
#
#set -x
IPT="/sbin/ip6tables"

startFirewall() {
    # default policies: drop inbound and forwarded traffic, allow outbound
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # replies to connections this host opened
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # loopback traffic
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT --source ::1 -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # ICMPv6 from link-local addresses, plus echo requests from anywhere
    $IPT -A INPUT -s fe80::/10 -p ipv6-icmp -j ACCEPT
    $IPT -A INPUT -p ipv6-icmp --icmpv6-type echo-request -j ACCEPT
}

stopFirewall() {
    # flush rules, delete user chains, zero counters, reset policies to ACCEPT
    $IPT -F
    $IPT -X
    $IPT -Z
    $IPT -t filter -F
    $IPT -t filter -X
    $IPT -t filter -P INPUT ACCEPT
    $IPT -t filter -P OUTPUT ACCEPT
    $IPT -t filter -P FORWARD ACCEPT
}

case "$1" in
    start)
        stopFirewall
        startFirewall
        ;;
    stop)
        stopFirewall
        ;;
    *)
        echo "Usage: sh $(basename "$0") { start | stop }"
        ;;
esac
|
My kernel .config: https://bpaste.net/show/9a87943ca543
Last edited by toralf on Thu May 28, 2015 1:38 pm; edited 1 time in total
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
Posted: Wed May 27, 2015 9:41 pm Post subject:
No hand at ipv6, but this looks like the culprit to me ...
CONFIG_NF_CONNTRACK_IPV6 is not set
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
Posted: Thu May 28, 2015 1:38 pm Post subject:
cboldt wrote: | No hand at ipv6, but this looks like the culprit to me ...
CONFIG_NF_CONNTRACK_IPV6 is not set |
Thx
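Added example, not part of the thread: a POSIX shell check that lists which kernel options the rule script depends on are not enabled in a given kernel config, which is the condition cboldt pointed at. Only CONFIG_NF_CONNTRACK_IPV6 comes from the thread; the other option names (as used by kernels of that period), the function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report kernel options that the
# ip6tables rule set needs but the kernel config does not enable.

# CONFIG_NF_CONNTRACK_IPV6 is the option named in the thread; the rest of
# the list is an assumption for a kernel of that period.
REQUIRED_OPTS="CONFIG_IP6_NF_IPTABLES CONFIG_IP6_NF_FILTER CONFIG_NF_CONNTRACK
CONFIG_NF_CONNTRACK_IPV6 CONFIG_NETFILTER_XT_MATCH_CONNTRACK"

# read_kconfig FILE: print the config, decompressing *.gz (e.g. /proc/config.gz)
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# missing_kconfig_opts FILE [OPT...]: print every option that is neither =y
# nor =m (absent, or "# CONFIG_X is not set"). Returns 1 if any is missing,
# 2 if the config file cannot be read.
missing_kconfig_opts() {
    cfg_file=$1; shift
    [ "$#" -gt 0 ] || set -- $REQUIRED_OPTS
    cfg=$(read_kconfig "$cfg_file") || return 2
    rc=0
    for opt in "$@"; do
        # anchoring on "=" keeps CONFIG_NF_CONNTRACK from matching
        # CONFIG_NF_CONNTRACK_IPV6
        if ! printf '%s\n' "$cfg" | grep -Eq "^${opt}=(y|m)\$"; then
            echo "$opt"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample config mirroring the desktop described in the thread.
write_sample_kconfig() {
    cat > "$1" <<'EOF'
CONFIG_IP6_NF_IPTABLES=y
CONFIG_IP6_NF_FILTER=y
CONFIG_NF_CONNTRACK=m
# CONFIG_NF_CONNTRACK_IPV6 is not set
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
EOF
}
```

Calling `missing_kconfig_opts /proc/config.gz` checks the running kernel when it was built with CONFIG_IKCONFIG_PROC; otherwise pass the path of the `.config` the kernel was built from.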