Re: Trivial IPv6-for-Fedora HOWTO

From: Kalin KOZHUHAROV
Date: Mon Aug 23 2004 - 00:27:24 EST

Next message: Ville Herva: "[OT] vmware, 2.6 kernel and altgr key (Re: 2.6.8.1-mm2 breaks vmware)"
Previous message: Eric W. Biederman: "Re: 2.6.8.1-mm4"
In reply to: Bernd Eckenfels: "Re: Trivial IPv6-for-Fedora HOWTO"
Next in thread: Bernd Eckenfels: "Re: Trivial IPv6-for-Fedora HOWTO"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bernd Eckenfels wrote:
> In article <4129236E.9020205@xxxxxxxxx> you wrote:
>
>>If you have an iptables ipv4 firewall, you'll want to
>>
>>F1) allow ipv6 tunnelled packets to pass through to ip6tables, by
>>allowing protocol 41
>>
>>iptables -A block -p 41 -j ACCEPT
>>("block" is a custom chain on my firewall)
>>
>>F2) duplicate your ipv4 firewall rules for ipv6, using ip6tables. Some
>>things, like masquerade, are not applicable to ipv6.
>
>
> Note that you have to terminate the tunnel on your firewall in order to
> filter the encapsulated ipv6. This is important, since letting tunnel
> packets pass your firewall is a major security problem, otherwise.

And what exactly does this mean?

"terminate the tunnel on your firewall" ???

Would you enlighten me (and the list) how do you do that with ip{,6}tables?

Kalin.

--
|| ~~~~~~~~~~~~~~~~~~~~~~ ||
( ) http://ThinRope.net/ ( )
|| ______________________ ||

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ville Herva: "[OT] vmware, 2.6 kernel and altgr key (Re: 2.6.8.1-mm2 breaks vmware)"
Previous message: Eric W. Biederman: "Re: 2.6.8.1-mm4"
In reply to: Bernd Eckenfels: "Re: Trivial IPv6-for-Fedora HOWTO"
Next in thread: Bernd Eckenfels: "Re: Trivial IPv6-for-Fedora HOWTO"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]