[Bug 508] ip6tables conntrack marks all incoming packets as INVALID
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Fri Oct 23 10:30:09 CEST 2009
http://bugzilla.netfilter.org/show_bug.cgi?id=508
devurandom at gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |devurandom at gmx.net
------- Comment #5 from devurandom at gmx.net 2009-10-23 10:30 -------
I am having the same issue on a 2.6.29-hardened kernel.
# grep -i ip_nf_conntrack /usr/src/linux/.config
returns no matches
grep -i nf_conntrack /usr/src/linux/.config
CONFIG_NF_CONNTRACK=m
# CONFIG_NF_CONNTRACK_MARK is not set
# CONFIG_NF_CONNTRACK_EVENTS is not set
# CONFIG_NF_CONNTRACK_AMANDA is not set
# CONFIG_NF_CONNTRACK_FTP is not set
# CONFIG_NF_CONNTRACK_H323 is not set
# CONFIG_NF_CONNTRACK_IRC is not set
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CONNTRACK_TFTP is not set
CONFIG_NF_CONNTRACK_IPV4=m
# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
CONFIG_NF_CONNTRACK_IPV6=m
# grep -i match_state /usr/src/linux/.config
CONFIG_NETFILTER_XT_MATCH_STATE=m
ip6tables rules:
[2028:211788] -A INPUT -m state --state INVALID -j LOG
[0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Can you tell please me what is wrong with my config here?
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the netfilter-buglog
mailing list