Hello,
wlet@xxxxxxx a écrit :
I'm using the last svn snapshot which contains IPv6 support via
sixxs.net. The kernel running on this box is "2.6.13.1-ohio" (MIPS).
I want to use ip6tables to restrict the v6 traffic, but there is no
possibility to do a connection tracking/stateful filtering.
The new netfilter conntrack aka 'nf_conntrack' supporting IPv6
connection tracking was added in the mainline kernel version 2.6.15.
However it lacked IPv4 NAT support (and support for "complex" protocols
except FTP) until version 2.6.20, so meanwhile you had to choose between
IPv6 connection tracking provided by 'nf_conntrack' and IPv4 NAT
provided by the old IPv4-only conntrack aka 'ip_conntrack'.
For kernel versions earlier that 2.6.15, an 'nf_conntrack' patchlet was
available in the patch-o-matic-ng until patch-o-matic-ng-20050918.
However it probably had a number of bugs which were corrected after
being merged in the mainline kernel.
x_tables are also not availible.
x_tables was added in the mainline kernel version 2.6.16. It is not
related to nf_conntrack.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
