Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[solved] ip6tables at an ipv4 client ?
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg
PostPosted: Wed May 27, 2015 8:01 pm    Post subject: [solved] ip6tables at an ipv4 client ? Reply with quote
Well, after my server I switched my desktop too to use ipv6. The following works fine at my ipv6-able server :
Code:
/sbin/ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
but at my desktop I do get :
Code:
ip6tables: Protocol wrong type for socket.
Well, my desktop do not have an ipv6 from my ISP - is that the reason ?
FWIW all aother ruels works fine :
Code:
t44 ~ # cat /etc/conf.d/ipv6-rules.sh
#!/bin/sh
#
#set -x

IPT="/sbin/ip6tables"


startFirewall() {
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT

  $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT --source ::1 -j ACCEPT
  $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
  $IPT -A INPUT -s fe80::/10  -p ipv6-icmp                            -j ACCEPT
  $IPT -A INPUT               -p ipv6-icmp --icmpv6-type echo-request -j ACCEPT
}

stopFirewall() {
  $IPT -F
  $IPT -X
  $IPT -Z

  $IPT -t filter -F
  $IPT -t filter -X
  $IPT -t filter -P INPUT ACCEPT
  $IPT -t filter -P OUTPUT ACCEPT
  $IPT -t filter -P FORWARD ACCEPT
}

case $1 in
        start)  stopFirewall
          startFirewall
                            ;;

        stop)   stopFirewall
                            ;;

        *)                echo "Usage: sh $(basename $0) { start | stop }"
                            ;;
esac
My kernel .config : https://bpaste.net/show/9a87943ca543

Last edited by toralf on Thu May 28, 2015 1:38 pm; edited 1 time in total
Back to top
View user's profile Send private message
cboldt
Veteran
Veteran


Joined: 24 Aug 2005
Posts: 1046
PostPosted: Wed May 27, 2015 9:41 pm    Post subject: Reply with quote
No hand at ipv6, but this looks like the culprit to me ...

CONFIG_NF_CONNTRACK_IPV6 is not set
Back to top
View user's profile Send private message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg
PostPosted: Thu May 28, 2015 1:38 pm    Post subject: Reply with quote
cboldt wrote:
No hand at ipv6, but this looks like the culprit to me ...

CONFIG_NF_CONNTRACK_IPV6 is not set
Thx
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy