ip6tables: --state INVALID catches echo-request

Hi list,

Sorry for the previous post; here is my retry:

An IPv6 host cannot receive any echo-requests with the following
ruleset:

  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  -A INPUT -m state --state INVALID -j DROP
  -A INPUT -m state --state NEW -j in-new
  -A in-new -p icmpv6 --icmpv6-type echo-request -j ACCEPT

The reason is that -m state --state INVALID -j DROP catches the
ping packet.

In an IPv4 setting, this does *not* happen.

Both iptables(8) and ip6tables(8) say:

  INVALID meaning that the packet could not be identified for some
  reason which includes running out of memory and ICMP errors
  which don’t correspond to any known connection

But echo-request is not an error.

Is this a bug or am I doing something wrong?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
plan to be spontaneous tomorrow.
 
spamtraps: madduck.bogus@xxxxxxxxxxx

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
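
One way to confirm which rule the echo-request actually hits, as an added example that is not part of the original post: the post's ruleset in ip6tables-restore format with rate-limited LOG rules in front of the INVALID drop and the in-new accept, plus a summary of the resulting kernel log lines. The LOG rules, their prefixes, the INPUT policy and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added diagnostic example. The four original rules and the chain name in-new
# come from the post; LOG rules, prefixes and INPUT policy are assumptions.

# Emit the ruleset in ip6tables-restore format with a rate-limited LOG rule in
# front of the INVALID drop and of the in-new accept, both limited to ICMPv6
# echo-request. Loading it for real replaces the whole filter table.
diag_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:in-new - [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmpv6 --icmpv6-type echo-request -m state --state INVALID -m limit --limit 5/min -j LOG --log-prefix "ping6-INVALID: "
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state NEW -j in-new
-A in-new -p icmpv6 --icmpv6-type echo-request -m limit --limit 5/min -j LOG --log-prefix "ping6-NEW: "
-A in-new -p icmpv6 --icmpv6-type echo-request -j ACCEPT
COMMIT
EOF
}

# Constructed sample of what the LOG rules would write to the kernel log.
sample_log() {
cat <<'EOF'
kernel: ping6-INVALID: IN=eth0 OUT= SRC=2001:db8::1 DST=2001:db8::2 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=4660 SEQ=1
kernel: ping6-INVALID: IN=eth0 OUT= SRC=2001:db8::1 DST=2001:db8::2 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=4660 SEQ=2
EOF
}

# Summarise kernel log text on stdin: how many echo-requests (ICMPv6 type 128)
# each LOG rule saw. A non-zero "invalid" count means conntrack classified the
# ping as INVALID, so it was dropped before the in-new chain was reached.
summarise_log() {
    awk '/PROTO=ICMPv6/ && /TYPE=128 / {
             if (index($0, "ping6-INVALID: ")) inv++
             else if (index($0, "ping6-NEW: ")) nw++
         }
         END { printf "invalid=%d new=%d\n", inv, nw }'
}

sample_log | summarise_log
```

To check the syntax without touching the live firewall, pipe `diag_ruleset` into `ip6tables-restore --test`.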

