martin f krafft <madduck@xxxxxxxxxxx> writes:
> also sprach Nicolas KOWALSKI <niko@xxxxxxxxxxxxxxxxx> [2008.04.03.1735 +0200]:
>> IN=eth0 OUT= MAC=33:33:00:00:00:02:00:0f:1f:c9:4e:7d:86:dd
>> SRC=fe80:0000:0000:0000:020f:1fff:fec9:4e7d
>> DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=56 TC=0
>> HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0
>
> Exactly. router-solicitation being matched by INVALID.
Ok.
I added rules to accept these. Do you think this is harmfull ?
petole:~# ip6tables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
27 2808 ACCEPT 0 * * ::/0 ::/0 state RELATED,ESTABLISHED
0 0 ACCEPT 0 * * ::/0 ff01::/32
1 76 ACCEPT 0 * * ::/0 ff02::/32
0 0 LOG 0 * * ::/0 ::/0 state INVALID LOG flags 0 level 4
0 0 DROP 0 * * ::/0 ::/0 state INVALID
0 0 ACCEPT 0 lo * ::/0 ::/0
0 0 ACCEPT 0 * * fe80::/64 ::/0
0 0 ACCEPT 0 eth0 * 2001:6f8:3f1::/48 ::/0
0 0 ACCEPT icmpv6 * * ::/0 ::/0
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:22
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:25
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:80
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:443
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:465
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:993
0 0 DROP 0 * * ::/0 ::/0
It works fine.
--
Nicolas
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
