nanog mailing list archives
Re: Ipv6 for the content provider
From: Antonio Querubin <tony () lava net>
Date: Mon, 31 Jan 2011 09:04:42 -1000 (HST)
On Mon, 31 Jan 2011, Simon Perreault wrote:
The command # ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT works on CentOS 5.5. And there's no documentation for it in "man ip6tables". So it fits the backport hypothesis...
While it may accept it, you may find it doesn't really work the way it should :) I had made the same assumption and discovered various problems. I ended up replacing it with:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT

which is what ip6tables ships with. You may need to adjust that port range depending on your apps.
Antonio Querubin e-mail/xmpp: tony () lava net
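
Added example, not part of the original message: a small Python model of how the two replacement rules above match, run over constructed packets, showing that they accept on destination port and TCP flags alone, with no connection state. The Packet class, the helper names, the "FALLTHROUGH" label and the sample packets are assumptions made for illustration; only the two rule lines come from the message.

```python
import re
from dataclasses import dataclass

# The two replacement rules quoted in the message, in iptables-save syntax.
RULES = """\
-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT
"""

@dataclass(frozen=True)
class Packet:                        # hypothetical model of an inbound packet
    proto: str                       # "tcp" or "udp"
    dport: int
    flags: frozenset = frozenset()   # TCP flags that are set

def is_syn(pkt):
    # iptables "--syn" is shorthand for "--tcp-flags SYN,RST,ACK,FIN SYN"
    return pkt.flags & {"SYN", "RST", "ACK", "FIN"} == {"SYN"}

def parse_rule(line):
    lo, hi = map(int, re.search(r"--dport (\d+):(\d+)", line).groups())
    return {"proto": re.search(r"-p (\w+)", line).group(1),
            "lo": lo, "hi": hi,
            "not_syn": "! --syn" in line,
            "target": re.search(r"-j (\w+)", line).group(1)}

PARSED = [parse_rule(l) for l in RULES.splitlines()]

def verdict(pkt, rules=PARSED):
    """First matching rule wins; otherwise the packet goes on to later rules."""
    for r in rules:
        if pkt.proto != r["proto"] or not r["lo"] <= pkt.dport <= r["hi"]:
            continue
        if r["not_syn"] and is_syn(pkt):
            continue
        return r["target"]
    return "FALLTHROUGH"

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "tcp SYN      -> 40000": Packet("tcp", 40000, frozenset({"SYN"})),
    "tcp SYN,ACK  -> 40000": Packet("tcp", 40000, frozenset({"SYN", "ACK"})),
    "tcp ACK only -> 40000": Packet("tcp", 40000, frozenset({"ACK"})),
    "udp          -> 40000": Packet("udp", 40000),
    "tcp ACK only -> 22":    Packet("tcp", 22, frozenset({"ACK"})),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:24} {verdict(pkt)}")
```

Anything listening on a port inside the range receives every UDP datagram and every non-SYN TCP segment addressed to it, which is why the range has to be kept in step with the ports your applications actually use.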