Re: Default ip6tables rules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> 	There's a conflict in there.  The default IPv6 ip6tables rules are
> using experimental features in the kernel which are not enabled and
> which would break IPv4 NAT and MASQ (and who knows what) if they were
> enabled.  Basically, stateful filtering is fubared and breaks the IPv6
> networking if you try to use it.  They need to drop back to stateless
> filtering for ip6tables before release of FC6 (unless it's slipped sooo
> far back that we end up with the 2.6.20 kernel where it's expected to
> work) or the whole v6 stack is blocked if you have those rules enabled.

I have committed a fix to s-c-securitylevel to set up stateless rules
for what you select in the UI, and this fix has made its way into the
FC6 trees.  So this should be fixed up for the final release.

In the future if you have problems with how the default firewall is set
up, please file a bug against system-config-securitylevel and I will fix
it.  Just leaving things in email makes the big assumption that I will
read everything, and there's way too much mail for that.  Thanks.

- Chris

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]