* Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx> [2006-05-12 13:57]:
> On Thursday, 11 May 2006 at 15:19 +0200, Wolfram Schlich wrote:
> > I was happy to see that kernel 2.6.15 and iptables 1.3.5
> > brought state match support for IPv6.
> > When giving it a try, it turned out *all* packets were classified
> > as being in INVALID state:
>
> It seems you don't have Layer 3 independent connection tracking
> (NF_CONNTRACK) and IPv6 conntrack support (NF_CONNTRACK_IPV6) built.
>
> The thing is Linux kernel has the "old style" connection tracking that
> only works for IPv4, not for IPv6. That's what you're using now. That's
> why you get INVALID state for IPv6 packets.
>
> If you want to have IPv6 conntrack, you have to remove "Connection
> tracking" support in "IP Netfilter Configuration" section, then go to
> Core Netfilter Configuration section and activate "Layer 3 Independent
> Connection tracking". Then you will see "IPv6 support for new connection
> tracking" option in IPv6 Netfilter Configuration section.
>
> And you're done.

You simply _made my day_ :-)
Thanks a lot!

I am wondering from what docs I could have found that out :-/
-- 
Regards,
Wolfram Schlich <wschlich@xxxxxxxxxx>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
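
The kernel configuration check described in the thread above, as an added example that is not part of the original messages: a shell function that classifies a kernel `.config` by which connection tracker it builds. `CONFIG_IP_NF_CONNTRACK` as the symbol of the old IPv4-only tracker is an assumption (the thread names only NF_CONNTRACK and NF_CONNTRACK_IPV6), and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: decide from a kernel .config whether the ip6tables state
# match can work, following the explanation in the thread.

# Print y or m for a CONFIG_ symbol, or n when it is unset or absent.
# $1 = config file, $2 = symbol name without the CONFIG_ prefix
cfg_value() {
    v=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"
}

# Print one of:
#   ok        - layer 3 independent conntrack with IPv6 support is built
#   old-style - IPv4-only conntrack is built; IPv6 packets show as INVALID
#   no-ipv6   - NF_CONNTRACK is built but NF_CONNTRACK_IPV6 is not
#   none      - no connection tracking is built
conntrack_ipv6_status() {
    old=$(cfg_value "$1" IP_NF_CONNTRACK)   # assumed name of the old tracker
    new=$(cfg_value "$1" NF_CONNTRACK)
    v6=$(cfg_value "$1" NF_CONNTRACK_IPV6)
    if [ "$new" != n ] && [ "$v6" != n ]; then echo ok
    elif [ "$old" != n ]; then echo old-style
    elif [ "$new" != n ]; then echo no-ipv6
    else echo none
    fi
}

# Constructed sample: the situation reported in the thread.
sample_old() {
    printf '%s\n' 'CONFIG_IP_NF_CONNTRACK=m' '# CONFIG_NF_CONNTRACK is not set'
}

# Constructed sample: the configuration after the suggested change.
sample_new() {
    printf '%s\n' '# CONFIG_IP_NF_CONNTRACK is not set' \
        'CONFIG_NF_CONNTRACK=m' 'CONFIG_NF_CONNTRACK_IPV6=m'
}

tmp=$(mktemp -d)
sample_old > "$tmp/old.config"
sample_new > "$tmp/new.config"
for f in old new; do
    echo "$f.config: $(conntrack_ipv6_status "$tmp/$f.config")"
done
rm -rf "$tmp"
```

On a running system, pass the kernel's own config file to `conntrack_ipv6_status` in place of the samples.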