nanog mailing list archives
Re: Ipv6 for the content provider
From: Antonio Querubin <tony () lava net>
Date: Wed, 26 Jan 2011 13:05:50 -1000 (HST)
On Wed, 26 Jan 2011, Randy McAnally wrote:
> The only issue I've faced is RHEL/CentOS doesn't have stateful connection tracking for IPv6 - so ip6tables is practically worthless.
As long as you're willing to run your iptables through a modification filter to generate the corresponding ip6tables you should be ok. The following sed script might come in handy.

s/-p icmp --icmp-type any/-p icmpv6/
/-m state --state ESTABLISHED,RELATED/ {
s/-m state --state ESTABLISHED,RELATED/-p udp -m udp --dport 32768:61000/p
s/udp/tcp/g
s/61000/61000 ! --syn/
}
s/-m state --state NEW //
s/224.0.0.251/ff02::fb/
s/icmp-host-prohibited/icmp6-adm-prohibited/

Modify as needed. YMMV.

Antonio Querubin
e-mail/xmpp: tony () lava net
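
What the script does to a ruleset, as an added example that is not part of the original message: the input rules are constructed in the style of a RHEL/CentOS /etc/sysconfig/iptables file, and `convert_rules`, `sample_rules` and `stateless_rules` are hypothetical helper names.

```shell
# The sed script as posted in the message above.
V4_TO_V6='s/-p icmp --icmp-type any/-p icmpv6/
/-m state --state ESTABLISHED,RELATED/ {
s/-m state --state ESTABLISHED,RELATED/-p udp -m udp --dport 32768:61000/p
s/udp/tcp/g
s/61000/61000 ! --syn/
}
s/-m state --state NEW //
s/224.0.0.251/ff02::fb/
s/icmp-host-prohibited/icmp6-adm-prohibited/'

# Hypothetical helper: read iptables rules on stdin and write the
# ip6tables equivalent on stdout.
convert_rules() {
    sed -e "$V4_TO_V6"
}

# Constructed sample ruleset (not taken from the thread).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Hypothetical check: list the rules that replaced the single stateful
# ESTABLISHED,RELATED match, so they can be reviewed before loading.
stateless_rules() {
    sample_rules | convert_rules | grep -F -e 'dport 32768:61000'
}

sample_rules | convert_rules
```

The one stateful rule comes out as two stateless ones: UDP to ports 32768:61000, and TCP to the same range with `! --syn`, so return traffic is matched by destination port and TCP flag rather than by connection state.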