* [Bridge] Can bridge be 'seen' by ip6tables?
@ 2006-12-22 6:27 llsherry
2006-12-22 18:52 ` Bart De Schuymer
2006-12-22 19:08 ` Stephen Hemminger
0 siblings, 2 replies; 3+ messages in thread
From: llsherry @ 2006-12-22 6:27 UTC (permalink / raw)
To: bridge
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="gb2312", Size: 1014 bytes --]
Hello!
Recently,I¡¯m doing a security project based upon ipv6.I have built up a bridge to support a transparent firewall.(my system is Fedora Core 2,kernel 2.6.5).In this system ,the version of the iptables is 1.2.7,which does not support ipv6(I have tried it).Thus,I download a new version and test it.
The iptables functions in bridge mode,but the ipv6 doesn't work well.In the bridge mode,ip6tables can¡¯t prevent the packet when I use ¡°ip6tables ¨CA FORWARD ¨Cj DROP¡±. I use the command"ls/proc/sys/net/bridge",it shows bridge-nf-call-iptables,bridge-nf-call-arptables,bridge-nf-filter-vlan-tagged.The problem is I can't find bridge-nf-call-ip6tables.
I have searched a lot of information,all said that the kernel2.6 have the bridge-nf code.Could you please tell me how to let the bridged packets be 'seen' by ip6tables?
Thank you very much!
sherry
[-- Attachment #2: Type: text/html, Size: 2774 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Bridge] Can bridge be 'seen' by ip6tables?
2006-12-22 6:27 [Bridge] Can bridge be 'seen' by ip6tables? llsherry
@ 2006-12-22 18:52 ` Bart De Schuymer
2006-12-22 19:08 ` Stephen Hemminger
1 sibling, 0 replies; 3+ messages in thread
From: Bart De Schuymer @ 2006-12-22 18:52 UTC (permalink / raw)
To: llsherry; +Cc: bridge
Op vr, 22-12-2006 te 14:27 +0800, schreef llsherry:
> Hello!
>
> Recently,I’m doing a security project based upon ipv6.I have
> built up a bridge to support a transparent firewall.(my system is
> Fedora Core 2,kernel 2.6.5).In this system ,the version of the
> iptables is 1.2.7,which does not support ipv6(I have tried it).Thus,I
> download a new version and test it.
>
> The iptables functions in bridge mode,but the ipv6 doesn't work
> well.In the bridge mode,ip6tables can’t prevent the packet when I use
> “ip6tables CA FORWARD Cj DROP”. I use the
> command"ls/proc/sys/net/bridge",it shows
> bridge-nf-call-iptables,bridge-nf-call-arptables,bridge-nf-filter-vlan-tagged.The problem is I can't find bridge-nf-call-ip6tables.
>
> I have searched a lot of information,all said that the kernel2.6
> have the bridge-nf code.Could you please tell me how to let the
> bridged packets be 'seen' by ip6tables?
Support for IPv6 was added in a later kernel release.
cheers,
Bart
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Bridge] Can bridge be 'seen' by ip6tables?
2006-12-22 6:27 [Bridge] Can bridge be 'seen' by ip6tables? llsherry
2006-12-22 18:52 ` Bart De Schuymer
@ 2006-12-22 19:08 ` Stephen Hemminger
1 sibling, 0 replies; 3+ messages in thread
From: Stephen Hemminger @ 2006-12-22 19:08 UTC (permalink / raw)
To: llsherry; +Cc: bridge
On Fri, 22 Dec 2006 14:27:43 +0800 (CST)
"llsherry" <llsherry@163.com> wrote:
>
> Hello!
> Recently,I’m doing a security project based upon ipv6.I have built up a bridge to support a transparent firewall.(my system is Fedora Core 2,kernel 2.6.5).
That is real old by now, and not sure what the status of bridging and IPV6
was back then (> 2yrs ago)
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-12-22 19:08 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-12-22 6:27 [Bridge] Can bridge be 'seen' by ip6tables? llsherry
2006-12-22 18:52 ` Bart De Schuymer
2006-12-22 19:08 ` Stephen Hemminger
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.