Ipv6 for the content provider

Antonio Querubin tony at lava.net
Wed Jan 26 17:05:50 CST 2011


On Wed, 26 Jan 2011, Randy McAnally wrote:

> The only issue I've faced is RHEL/CentOS doesn't have stateful connection
> tracking for IPv6 - so ip6tables is practically worthless.

As long as you're willing to run your iptables through a modification 
filter to generate the corresponding ip6tables you should be ok.  The 
following sed script might come in handy.

s/-p icmp --icmp-type any/-p icmpv6/
/-m state --state ESTABLISHED,RELATED/ {
   s/-m state --state ESTABLISHED,RELATED/-p udp -m udp --dport 32768:61000/p
   s/udp/tcp/g
   s/61000/61000 ! --syn/
}
s/-m state --state NEW //
s/224.0.0.251/ff02::fb/
s/icmp-host-prohibited/icmp6-adm-prohibited/

Modify as needed.  YMMV.


Antonio Querubin
e-mail/xmpp:  tony at lava.net




More information about the NANOG mailing list