Re: Trivial IPv6-for-Fedora HOWTO

From: Bernd Eckenfels
Date: Sun Aug 22 2004 - 18:43:45 EST

Next message: Matt Heler: "Re: PROBLEM: Promise Fast Track SX6000 i2o driver."
Previous message: Tomasz Torcz: "Re: Trivial IPv6-for-Fedora HOWTO"
In reply to: Alan Cox: "Re: Trivial IPv6-for-Fedora HOWTO"
Next in thread: Kalin KOZHUHAROV: "Re: Trivial IPv6-for-Fedora HOWTO"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In article <4129236E.9020205@xxxxxxxxx> you wrote:
> If you have an iptables ipv4 firewall, you'll want to
>
> F1) allow ipv6 tunnelled packets to pass through to ip6tables, by
> allowing protocol 41
>
> iptables -A block -p 41 -j ACCEPT
> ("block" is a custom chain on my firewall)
>
> F2) duplicate your ipv4 firewall rules for ipv6, using ip6tables. Some
> things, like masquerade, are not applicable to ipv6.

Note that you have to terminate the tunnel on your firewall in order to
filter the encapsulated ipv6. This is important, since letting tunnel
packets pass your firewall is a major security problem, otherwise.

Greetings
Bernd
--
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matt Heler: "Re: PROBLEM: Promise Fast Track SX6000 i2o driver."
Previous message: Tomasz Torcz: "Re: Trivial IPv6-for-Fedora HOWTO"
In reply to: Alan Cox: "Re: Trivial IPv6-for-Fedora HOWTO"
Next in thread: Kalin KOZHUHAROV: "Re: Trivial IPv6-for-Fedora HOWTO"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]