Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] ip6tables at an ipv4 client ?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3647
Location: Hamburg

PostPosted: Wed May 27, 2015 8:01 pm    Post subject: [solved] ip6tables at an ipv4 client ? Reply with quote

Well, after my server I switched my desktop too to use ipv6. The following works fine at my ipv6-able server :
Code:
/sbin/ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
but at my desktop I do get :
Code:
ip6tables: Protocol wrong type for socket.
Well, my desktop do not have an ipv6 from my ISP - is that the reason ?
FWIW all aother ruels works fine :
Code:
t44 ~ # cat /etc/conf.d/ipv6-rules.sh
#!/bin/sh
#
#set -x

IPT="/sbin/ip6tables"


startFirewall() {
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT

  $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT --source ::1 -j ACCEPT
  $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
  $IPT -A INPUT -s fe80::/10  -p ipv6-icmp                            -j ACCEPT
  $IPT -A INPUT               -p ipv6-icmp --icmpv6-type echo-request -j ACCEPT
}

stopFirewall() {
  $IPT -F
  $IPT -X
  $IPT -Z

  $IPT -t filter -F
  $IPT -t filter -X
  $IPT -t filter -P INPUT ACCEPT
  $IPT -t filter -P OUTPUT ACCEPT
  $IPT -t filter -P FORWARD ACCEPT
}

case $1 in
        start)  stopFirewall
          startFirewall
                            ;;

        stop)   stopFirewall
                            ;;

        *)                echo "Usage: sh $(basename $0) { start | stop }"
                            ;;
esac
My kernel .config : https://bpaste.net/show/9a87943ca543

Last edited by toralf on Thu May 28, 2015 1:38 pm; edited 1 time in total
Back to top
View user's profile Send private message
cboldt
l33t
l33t


Joined: 24 Aug 2005
Posts: 829

PostPosted: Wed May 27, 2015 9:41 pm    Post subject: Reply with quote

No hand at ipv6, but this looks like the culprit to me ...

CONFIG_NF_CONNTRACK_IPV6 is not set
Back to top
View user's profile Send private message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3647
Location: Hamburg

PostPosted: Thu May 28, 2015 1:38 pm    Post subject: Reply with quote

cboldt wrote:
No hand at ipv6, but this looks like the culprit to me ...

CONFIG_NF_CONNTRACK_IPV6 is not set
Thx
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum