IPv6 for the content provider

Antonio Querubin tony at lava.net
Mon Jan 31 13:04:42 CST 2011


On Mon, 31 Jan 2011, Simon Perreault wrote:

> The command
>
> # ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT
>
> works on CentOS 5.5. And there's no documentation for it in "man
> ip6tables". So it fits the backport hypothesis...

While it may accept it, you may find it doesn't really work the way it 
should :)  I had made the same assumption and discovered various problems. 
I ended up replacing it with:

-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT

which is what ip6tables ships with.  You may need to adjust that port 
range depending on your apps.

Antonio Querubin
e-mail/xmpp:  tony at lava.net
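
Added example, not part of the original message: a small Python model of the two replacement rules quoted above, to show what a stateless port-range filter accepts compared with a working `--state ESTABLISHED` match. The parser covers only the option subset those two rules use, and the `sample()` helper and its packets are constructed for illustration.

```python
import shlex

# The two rules quoted in the message, verbatim.
RULES = [
    "-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT",
]

def parse_rule(line):
    """Parse the small subset of ip6tables syntax used by RULES."""
    rule = {"proto": None, "dport": None, "syn": None, "target": None}
    toks, negate = iter(shlex.split(line)), False
    for tok in toks:
        if tok == "!":
            negate = True
            continue
        if tok in ("-A", "-m"):
            next(toks)                      # chain / match-module name, unused here
        elif tok == "-p":
            rule["proto"] = next(toks)
        elif tok == "--dport":
            lo, _, hi = next(toks).partition(":")
            rule["dport"] = (int(lo), int(hi or lo))
        elif tok == "--syn":
            rule["syn"] = not negate        # False encodes "! --syn"
        elif tok == "-j":
            rule["target"] = next(toks)
        else:
            raise ValueError(f"unsupported token: {tok}")
        negate = False
    return rule

def is_initial_syn(flags):
    """--syn semantics: SYN set while ACK, RST and FIN are clear."""
    return "SYN" in flags and not (flags & {"ACK", "RST", "FIN"})

def verdict(pkt, rules=RULES):
    """Return the first matching rule's target, or None if the packet falls through."""
    for r in map(parse_rule, rules):
        lo, hi = r["dport"]
        if r["proto"] != pkt["proto"] or not lo <= pkt["dport"] <= hi:
            continue
        if r["syn"] is not None and is_initial_syn(pkt["flags"]) != r["syn"]:
            continue
        return r["target"]
    return None

def sample(proto, dport, *flags):           # constructed packet, not captured traffic
    return {"proto": proto, "dport": dport, "flags": set(flags)}
```

Because nothing here tracks connections, `verdict(sample("tcp", 50000, "ACK"))` is accepted whether or not a matching outbound connection exists, and any UDP datagram to the range is accepted as well; that is the trade-off to weigh when narrowing the port range for your applications.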




More information about the NANOG mailing list