
(usagi-users 00560) IPv6+2.4.x: ipv6_local_port_range implementation plans + netfilter6



Hi all,

Are there any plans to implement "ipv6_local_port_range" in the future, like on IPv4?


BTW: for all the IPv6 freaks and kernel 2.4 users: I've already brought netfilter6 to life on my gateway server (thanks to netfilter & ext3 developers) and added some hints in my HowTo relating to this:
http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-8.html


netfilter6 is currently not full-featured and is a work in progress, but packet filtering works, and for security issues it's really better than nothing!
I recommend inserting the following rules on (tunnel) interface(s) to block incoming TCP connection requests, like:


ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP

Modify the "-i" option if your interface(s) to the global IPv6 network are named differently.


Peter
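
Added example, not part of the original post: a shell function that audits saved ip6tables rules for the two SYN-drop rules recommended above and reports any chain that lacks one. The function name and the sample rulesets are constructed for illustration; the two `--tcp-flags` masks it accepts are the forms in which `ip6tables-save` writes `--syn`, depending on the iptables version.

```shell
#!/bin/sh
# Added example: audit ip6tables-save text for the SYN-drop rules from the post.
# stdin: ruleset in ip6tables-save format; $1: interface pattern (e.g. "sit+").
# Prints each chain (INPUT, FORWARD) with no matching rule; returns 1 if any.
# Limitation: rule order is not checked (the post uses -I to insert at the top).
missing_syn_drop() {  # hypothetical helper name
    awk -v ifc="$1" '
        BEGIN { need["INPUT"] = 1; need["FORWARD"] = 1 }
        # Only appended rules ("-A CHAIN ...") of the two chains matter.
        $1 == "-A" && ($2 in need) {
            ifok = 0; tcp = 0; syn = 0; drop = 0; neg = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "!") neg = 1   # negated matches never count
                if ($i == "-i" && $(i+1) == ifc) ifok = 1
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                # --syn is saved as --tcp-flags <mask> SYN; mask varies by version.
                if ($i == "--syn") syn = 1
                if ($i == "--tcp-flags" && $(i+2) == "SYN" &&
                    ($(i+1) == "SYN,RST,ACK" || $(i+1) == "FIN,SYN,RST,ACK")) syn = 1
                if ($i == "-j" && $(i+1) == "DROP") drop = 1
            }
            if (!neg && ifok && tcp && syn && drop) delete need[$2]
        }
        END {
            bad = 0
            if ("INPUT" in need)   { print "INPUT";   bad = 1 }
            if ("FORWARD" in need) { print "FORWARD"; bad = 1 }
            exit bad
        }'
}

# Constructed sample rulesets (not captured from a real host).
SAMPLE_OK='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i sit+ -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
-A FORWARD -i sit+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
COMMIT'
SAMPLE_GAP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i sit+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
COMMIT'

# Demo: the second ruleset filters forwarding only on eth0, so FORWARD is listed.
printf '%s\n' "$SAMPLE_GAP" | missing_syn_drop 'sit+' ||
    echo "chains listed above lack a SYN drop rule for sit+"
```

On a live gateway the same check is `ip6tables-save | missing_syn_drop 'sit+'`, run as root.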