Hi all,
Are there any plans to implement "ipv6_local_port_range" in the
future, like on IPv4?
BTW: for all the IPv6 freaks and kernel 2.4 users: I've already
brought netfilter6 to life on my gateway server (thanks to the
netfilter & ext3 developers) and added some hints to my HowTo relating
to this:
http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-8.html
netfilter6 is currently not full-featured and is a work in progress, but
packet filtering works, and for security issues it's really better
than nothing!
I recommend inserting the following rules on (tunnel) interface(s) to
block incoming TCP connection requests, like:
ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP
Modify the "-i" option if your interface(s) to the global IPv6
network are named differently.
Peter
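
An added example, not part of the original post: a small audit that reads `ip6tables -S` output and reports which of the INPUT and FORWARD chains have no TCP SYN DROP rule covering a given interface, honoring the "+" wildcard used in "sit+". The function name `missing_syn_drop` and the sample rules are constructed for illustration; the check looks only for the presence of such a rule, not its position relative to earlier ACCEPT rules.

```shell
#!/bin/sh
# Added example: audit `ip6tables -S` output for the SYN-drop rules from the post.

# Constructed sample of `ip6tables -S` output (not from a real host).
# ip6tables prints "--syn" in expanded form: --tcp-flags FIN,SYN,RST,ACK SYN
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i sit+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP'

# missing_syn_drop IFACE: read rules on stdin and print each chain (INPUT,
# FORWARD) that has no TCP SYN DROP rule covering IFACE. A trailing "+" in a
# rule's -i value is the iptables wildcard: "sit+" covers sit0, sit1, ...
# A rule with no -i covers every interface; a negated "! -i" is not counted.
missing_syn_drop() {
    awk -v ifc="$1" '
    function covers(pat) {
        if (pat ~ /\+$/)
            return index(ifc, substr(pat, 1, length(pat) - 1)) == 1
        return pat == ifc
    }
    $1 == "-A" && ($2 == "INPUT" || $2 == "FORWARD") {
        in_if = ""; proto = ""; target = ""; syn = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = ($(i - 1) == "!") ? "!" : $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--syn") syn = 1
            if ($i == "--tcp-flags" && $(i + 1) == "FIN,SYN,RST,ACK" &&
                $(i + 2) == "SYN") syn = 1
        }
        if (proto == "tcp" && syn && target == "DROP" &&
            (in_if == "" || covers(in_if))) ok[$2] = 1
    }
    END {
        if (!ok["INPUT"]) print "INPUT"
        if (!ok["FORWARD"]) print "FORWARD"
    }'
}

# On a live gateway (as root): ip6tables -S | missing_syn_drop sit1
```

Empty output means both chains have a covering rule for that interface.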