also sprach Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> [2008.04.03.1814 +0200]: > ICMPv6 non-error types (i.e. above type 128) - the exception of > echo-request (128) and node information query (139) - are not tracked > yet, thus such packets are marked as INVALID. Ah, I am glad there is such a straight-forward answer. Do you have a roadmap for this sort of stuff? Can we expect more IPv6 support for netfilter in 2.6.25? > In order to handle ICMPv6 in the best way I'd suggest to read > rfc4890 titled Recommendations for Filtering ICMPv6 Messages in > Firewalls, which even comes with a sample ip6tables script. Perfect. Thanks a lot! -- martin | http://madduck.net/ | http://two.sentenc.es/ "all i know is that i'm being sued for unfair business practices by micro$oft. hello pot? it's kettle on line two." -- michael robertson spamtraps: madduck.bogus@xxxxxxxxxxx
Attachment:
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)