On Wed, Oct 18, 2006 at 09:48:09AM -0400, Chris Lumens wrote: > > There's a conflict in there. The default IPv6 ip6tables rules are > > using experimental features in the kernel which are not enabled and > > which would break IPv4 NAT and MASQ (and who knows what) if they were > > enabled. Basically, stateful filtering is fubared and breaks the IPv6 > > networking if you try to use it. They need to drop back to stateless > > filtering for ip6tables before release of FC6 (unless it's slipped sooo > > far back that we end up with the 2.6.20 kernel where it's expected to > > work) or the whole v6 stack is blocked if you have those rules enabled. > > I have committed a fix to s-c-securitylevel to set up stateless rules > for what you select in the UI, and this fix has made its way into the > FC6 trees. So this should be fixed up for the final release. > > In the future if you have problems with how the default firewall is set > up, please file a bug against system-config-securitylevel and I will fix > it. Just leaving things in email makes the big assumption that I will > read everything, and there's way too much mail for that. Thanks. See also https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190590 . This was the original complaint about IPv6 state matching rules not working (in FC5). If possible, you should probably make the s-c-securitylevel change there, too. Jay -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list