[Bug 576] New: ip6tables maks auto configuration packages as INVALID
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Wed Feb 11 19:36:47 CET 2009
http://bugzilla.netfilter.org/show_bug.cgi?id=576
Summary: ip6tables maks auto configuration packages as INVALID
Product: iptables
Version: unspecified
Platform: i386
OS/Version: Debian GNU/Linux
Status: NEW
Severity: blocker
Priority: P1
Component: ip6tables
AssignedTo: laforge at netfilter.org
ReportedBy: Die_Obstfliege at gmx.de
I use $IPTABLES -A INPUT -j DROP -m state --state INVALID in my ip6tables
config.
When my client tries to resolv an ipv6 address the firewall marks the packages
as INVALID and drops them. ( so far Router Solicitations, Neighbor
Solicitations and Neighbor Advertisements and maybe other packages too )
ip6tables-INVALID: IN=eth0 OUT= MAC=33:33:00:00:00:02:00:13:77:ae:f2:1f:86:dd
SRC=fe80:0000:0000:0000:0213:77ff:feae:f21f
DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=56 TC=0 HOPLIMIT=255 FLOWLBL=0
PROTO=ICMPv6 TYPE=133 CODE=0
ip6tables-INVALID: IN=eth0 OUT= MAC=00:10:e0:02:22:02:00:13:77:ae:f2:1f:86:dd
SRC=2001:06f8:10bb:0000:0213:77ff:feae:f21f
DST=fe80:0000:0000:0000:0210:e0ff:fe02:2202 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0
PROTO=ICMPv6 TYPE=136 CODE=0
ip6tables-INVALID: IN=eth0 OUT= MAC=33:33:ff:02:22:02:00:13:77:ae:f2:1f:86:dd
SRC=2001:06f8:10bb:0000:0213:77ff:feae:f21f
DST=ff02:0000:0000:0000:0000:0001:ff02:2202 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0
PROTO=ICMPv6 TYPE=135 CODE=0
without this check the client gets the IPv6 immediately.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the netfilter-buglog
mailing list