16 Apr 2009, 16:30
Tags: , , , , , , , ,
Comments Off

ip6tables: ACCEPT icmpv6 before dropping state INVALID

Spend some hours trying to figure out why our firewall was blocking ipv6 icmp traffic. Apparantly, ipv6 packets start out in state invalid and get valid after some sort of icmp traffic. If anyone can explain it to me, I’d love to hear the details. My guess is that in ipv4, state is somehow set to valid via ARP. Since ipv6 doesn’t use ARP but icmp for neighbour detection, my guess is that you need to accept this before doing any state checking.

Tags: , , , , , , , ,

 
  
 

  • Search


  • Twitter

    • @ArjenNL Awstats is not real-time :S Need it for monitoring, not trending. Kinda strange there are no solutions, really. in reply to ArjenNL 1 day ago
    • @ArjenNL Thx, but that's a mod_watch solution :) I don't want to use mod_watch, since it seems unmaintained :) in reply to ArjenNL 1 day ago
    • Anyone know of a maintained mod_watch-alike solution for Apache2? Preferably one that's packaged for Debian... 1 day ago
    • Seems that no month can pass without us calling our telephony provider about a screw up on their invoice to us... 1 day ago
    • @KroosSara Ik vond Inception erg stoer, ondanks Leonardo. Beetje Matrix-achtige sfeer, maar heel ander verhaal (uiteraard). 2 days ago
    • More updates...

    Powered by Twitter Tools

  • Calender

    April 2009
    M T W T F S S
    « Mar   May »
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

  • Archives