Re: iptables and ip6tables

On Fri, 2008-04-11 at 11:30 +0200, Antonio M wrote:
> the two are completely different.

Yes, they are.  Which makes me wonder why you expect the configuration
of one to suit the other.

Sure, you might want similar rules (e.g. blocking port 80 for IPv4 and
IPv6), but how they're applied requires instructions suited specifically
for each one.

> I made a crazy try replacing ip6tables content with iptables content
> and I restarted ip6tables but I get:
> ip6tables failed. The error was: ip6tables: Unloading modules: [  OK  ]
> ip6tables: Applying firewall rules: ip6tables-restore v1.3.8:
> ip6tables-restore: unable to initialize table 'nat'
> 
> Error occurred at line: 2
> Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more
> information.
> [FALLITO]
> 
> why?? How should iptables and ip6tables match???

Rules perhaps, but the commands to set the rules, no.

[root@suspishus ~]# cd /etc/sysconfig/
[root@suspishus sysconfig]# diff ip6tables iptables
10,13c10,13
< -A RH-Firewall-1-INPUT -p ipv6-icmp -j ACCEPT
< -A RH-Firewall-1-INPUT -m ipv6header --header 50 -j ACCEPT
< -A RH-Firewall-1-INPUT -m ipv6header --header 51 -j ACCEPT
< -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT
---
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
23,24c23,24
< -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
< -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
---
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited

This shows the differences between the two configuration files.  You can
see that the IPv6 version uses different addressing schemes and some
specific IPv6 commands.

You seem to be comparing a backup file with a current file.  And you
haven't said what you've used to set your rules.

If you're hand writing your rules, you can simply wipe out the stored
configuration and start again.  If you're using a tool to configure
them, you can probably do the same.

-- 
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list