
IPv6+2.4.x: ipv6_local_port_range implementation plans + netfilter6

To: Maillist netdev <netdev@xxxxxxxxxxx>
Subject: IPv6+2.4.x: ipv6_local_port_range implementation plans + netfilter6
From: Peter Bieringer <pb@xxxxxxxxxxxx>
Date: Sat, 02 Jun 2001 11:03:24 +0200
Cc: Maillist linux-ipv6 <linux-ipv6@xxxxxxxxxxxxx>, Maillist USAGI-users <usagi-users@xxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx

Hi all,

are there any plans to implement "ipv6_local_port_range" in the future like on IPv4?


BTW: for all the IPv6 freaks and kernel 2.4 users: I've already brought netfilter6 to life on my gateway server (thanks to the netfilter & ext3 developers) and added some hints to my HowTo relating to this:
http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-8.html


netfilter6 is currently not full-featured and is a work in progress, but packet filtering works and for security issues it's really better than nothing!
I recommend inserting the following rules on (tunnel) interface(s) to block incoming TCP connection requests, like:


ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP

Modify the "-i" option if your interface(s) to the global IPv6 network are named differently.


Peter
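
Added example, not part of the original message: a shell check that audits a rule dump for the two SYN-drop rules recommended above. It assumes the dump is in `ip6tables -S` format, where `--syn` is rendered as `--tcp-flags FIN,SYN,RST,ACK SYN`; the function name and both sample dumps are constructed for illustration, and the check covers rule presence only, not rule ordering.

```shell
#!/bin/sh
# Added example: audit an `ip6tables -S` style dump for the SYN-drop rules.
# SAMPLE_OK and SAMPLE_GAP are constructed dumps, not captured from a real host.

SAMPLE_OK='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i sit+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A FORWARD -i sit+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP'

SAMPLE_GAP='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i sit+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT'

# missing_syn_drop IFACE RULES   (hypothetical helper name)
# Prints each chain (INPUT, FORWARD) that has no rule dropping TCP SYN
# packets arriving on IFACE. Prints nothing when both chains are covered.
missing_syn_drop() {
    iface=$1
    rules=$2
    for chain in INPUT FORWARD; do
        printf '%s\n' "$rules" | awk -v chain="$chain" -v iface="$iface" '
            $1 == "-A" && $2 == chain {
                in_if = 0; tcp = 0; syn = 0; drop = 0
                for (i = 3; i <= NF; i++) {
                    if ($i == "-i" && $(i+1) == iface) in_if = 1
                    if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                    if ($i == "--tcp-flags" && $(i+1) == "FIN,SYN,RST,ACK" \
                        && $(i+2) == "SYN") syn = 1
                    if ($i == "-j" && $(i+1) == "DROP") drop = 1
                }
                if (in_if && tcp && syn && drop) found = 1
            }
            END { exit found ? 0 : 1 }
        ' || printf '%s\n' "$chain"
    done
}

# Demo on the constructed dump with a gap: reports the uncovered chain.
missing_syn_drop 'sit+' "$SAMPLE_GAP"
```

On a live host the second argument would be the output of `ip6tables -S`, with the first argument changed to match the interface name used in the "-i" option.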
