Filtering TCP over IPv6 does not work :(
Jan Rekorajski
baggins@sith.mimuw.edu.pl
Sun, 16 Jul 2000 16:49:54 +0200
On Sun, 16 Jul 2000, OvErFlAsH wrote:
> > > > This works:
> > > > ip6tables -A INPUT --proto tcp -j DROP
> > > >
> > > > but this NOT:
> > > > ip6tables -A INPUT --proto tcp --port 22 -j DROP
> > >
> > > try ip6tables -A INPUT -p tcp --dport 22 -j DROP
> > > ^^
> >
> > Yeah, sorry, that was a typo. I tried --dport on input, --sport on output,
> > ip6tables happily accepted the rule, but thought that no packet
> > matched it :(
>
> you can always connect with ssh?
>
> or with nmap is it an open port?
I can always connect with ssh.
> try ip6tables -I INPUT --proto tcp --port 22 -j DROP
>
> then it is your first rule!
>
> then it is impossible that another rule matches the packet!
That was the only one rule. And -I can't help here.
Besides, the rules I tried work for IPv4.
Jan
--
Jan Rękorajski | ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl | OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, type MANIAC | -- TROOPS by Kevin Rubio