IPv6 for the content provider
tony at lava.net
Mon Jan 31 13:04:42 CST 2011

On Mon, 31 Jan 2011, Simon Perreault wrote:
> The command
> # ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> works on CentOS 5.5. And there's no documentation for it in "man
> ip6tables". So it fits the backport hypothesis...

While it may accept it, you may find it doesn't really work the way it
should :) I had made the same assumption and discovered various problems.
I ended up replacing it with:

-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT

which is what ip6tables ships with. You may need to adjust that port
range depending on your apps.

e-mail/xmpp: tony at lava.net
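
Added example (not part of the original post, and not code from ip6tables): a small Python model of the two stateless rules quoted in the message, showing which packets they accept in place of a state match. The Packet type, the function names and the sample packets are constructed for illustration; a result of None means the packet falls through to whatever rules follow in the chain.

```python
from dataclasses import dataclass

PORT_RANGE = (32768, 61000)               # --dport 32768:61000, from the post
SYN_MASK = {"SYN", "RST", "ACK", "FIN"}   # flags that --syn examines


@dataclass(frozen=True)
class Packet:                             # hypothetical type for this example
    proto: str                            # "tcp" or "udp"
    dport: int                            # destination port on the local host
    flags: frozenset = frozenset()        # TCP flags set on the packet


def is_syn(pkt):
    """--syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN:
    SYN set, and RST, ACK and FIN all clear."""
    return pkt.flags & SYN_MASK == {"SYN"}


def verdict(pkt, port_range=PORT_RANGE):
    """Return 'ACCEPT' if either quoted rule matches, else None."""
    lo, hi = port_range
    if not lo <= pkt.dport <= hi:
        return None                       # outside --dport, neither rule matches
    if pkt.proto == "udp":
        return "ACCEPT"                   # rule 1: any UDP to the port range
    if pkt.proto == "tcp" and not is_syn(pkt):
        return "ACCEPT"                   # rule 2: TCP to the range, ! --syn
    return None


# Constructed sample packets (not captured traffic).
SAMPLES = {
    "SYN-ACK answering an outbound connect": Packet("tcp", 40000, frozenset({"SYN", "ACK"})),
    "ACK carrying reply data": Packet("tcp", 40000, frozenset({"ACK"})),
    "new inbound connection (bare SYN)": Packet("tcp", 40000, frozenset({"SYN"})),
    "UDP reply to a local high port": Packet("udp", 40000),
    "UDP to a low port": Packet("udp", 53),
    "reply to an app using source port 61500": Packet("tcp", 61500, frozenset({"SYN", "ACK"})),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:42} -> {verdict(pkt)}")
```

The verdict depends only on the packet's own fields, since the rules keep no connection state: anything listening on a port inside 32768:61000 is reachable through them, and return traffic to a local port outside the range (the last sample) is not accepted, which is why the range may need adjusting.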