Re: Default ip6tables rules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 18, 2006 at 09:48:09AM -0400, Chris Lumens wrote:
> > 	There's a conflict in there.  The default IPv6 ip6tables rules are
> > using experimental features in the kernel which are not enabled and
> > which would break IPv4 NAT and MASQ (and who knows what) if they were
> > enabled.  Basically, stateful filtering is fubared and breaks the IPv6
> > networking if you try to use it.  They need to drop back to stateless
> > filtering for ip6tables before release of FC6 (unless it's slipped sooo
> > far back that we end up with the 2.6.20 kernel where it's expected to
> > work) or the whole v6 stack is blocked if you have those rules enabled.
> 
> I have committed a fix to s-c-securitylevel to set up stateless rules
> for what you select in the UI, and this fix has made its way into the
> FC6 trees.  So this should be fixed up for the final release.
> 
> In the future if you have problems with how the default firewall is set
> up, please file a bug against system-config-securitylevel and I will fix
> it.  Just leaving things in email makes the big assumption that I will
> read everything, and there's way too much mail for that.  Thanks.

See also https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190590 .
This was the original complaint about IPv6 state matching rules not
working (in FC5).  If possible, you should probably make the 
s-c-securitylevel change there, too.

Jay

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]