Re: Connectiontracking of IPv6 on modified Fritzbox

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter@vger.kernel.org
Cc: wlet@gmx.net
Subject: Re: Connectiontracking of IPv6 on modified Fritzbox
Date: Fri, 30 Jan 2009 15:28:15 +0100	[thread overview]
Message-ID: <49830E7F.2020105@plouf.fr.eu.org> (raw)
In-Reply-To: <20090130132342.207450@gmx.net>

Hello,

wlet@gmx.net a écrit :
> 
> I'm using the last svn snapshot which contains IPv6 support via
> sixxs.net. The kernel running on this box is "2.6.13.1-ohio" (MIPS).
> 
> I want to use ip6tables to restrict the v6 traffic, but there is no
> possibility to do a connection tracking/stateful filtering. 

The new netfilter conntrack aka 'nf_conntrack' supporting IPv6 
connection tracking was added in the mainline kernel version 2.6.15. 
However it lacked IPv4 NAT support (and support for "complex" protocols 
except FTP) until version 2.6.20, so meanwhile you had to choose between 
IPv6 connection tracking provided by 'nf_conntrack' and IPv4 NAT 
provided by the old IPv4-only conntrack aka 'ip_conntrack'.

For kernel versions earlier that 2.6.15, an 'nf_conntrack' patchlet was 
available in the patch-o-matic-ng until patch-o-matic-ng-20050918. 
However it probably had a number of bugs which were corrected after 
being merged in the mainline kernel.

> x_tables are also not availible.

x_tables was added in the mainline kernel version 2.6.16. It is not 
related to nf_conntrack.

     prev parent reply	other threads:[~2009-01-30 14:28 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-01-30 13:23 Connectiontracking of IPv6 on modified Fritzbox wlet
2009-01-30 14:28 ` Pascal Hambourg [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=49830E7F.2020105@plouf.fr.eu.org \
    --to=pascal.mail@plouf.fr.eu.org \
    --cc=netfilter@vger.kernel.org \
    --cc=wlet@gmx.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox