Subj : My turn for testing IPv6...
To   : RJ Clay
From : Benny Pedersen
Date : Sun Aug 02 2015 14:15:32

Hello RJ!

02 Aug 2015 05:29, RJ Clay wrote to All:

 RC> ftn.rocasa.org IPv4 & IPv6
 RC> ftn6.rocasa.org IPV6 only

 RC> If anyone happens to test that, I'd appreciate hearing how it goes...

Do you use shorewall? It has nice support for IPv6 :=)

----- ipv6 begins -----
Shorewall6 4.6.10.1 filter Table at linode - søn aug 2 13:17:14 BST 2015

Counters reset ons jul 29 23:51:36 BST 2015

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 87385 88M net-fw all eth0 * ::/0 ::/0
 886K 199M ACCEPT all lo * ::/0 ::/0
 0 0 Reject all * * ::/0 ::/0
 0 0 LOG all * * ::/0 ::/0 LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
 0 0 reject all * * ::/0 ::/0 [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 0 0 Reject all * * ::/0 ::/0
 0 0 LOG all * * ::/0 ::/0 LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
 0 0 reject all * * ::/0 ::/0 [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 80174 15M fw-net all * eth0 ::/0 ::/0
 886K 199M ACCEPT all * lo ::/0 ::/0
 0 0 Reject all * * ::/0 ::/0
 0 0 LOG all * * ::/0 ::/0 LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
 0 0 reject all * * ::/0 ::/0 [goto]

Chain AllowICMPs (2 references)
 pkts bytes target prot opt in out source destination
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 /* Needed ICMP types (RFC4890) */
 10251 1066K ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 /* Needed ICMP types (RFC4890) */
 893 64296 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 /* Needed ICMP types (RFC4890) */
 2416 174K ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 137 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 141 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 142 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 148 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 149 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 151 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 152 /* Needed ICMP types (RFC4890) */
 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 153 /* Needed ICMP types (RFC4890) */

Chain Broadcast (2 references)
 pkts bytes target prot opt in out source destination
 0 0 DROP all * * ::/0 ff00::/8

Chain Drop (1 references)
 pkts bytes target prot opt in out source destination
 0 0 reject tcp * * ::/0 ::/0 tcp dpt:113 /* Auth */
 13560 1304K AllowICMPs icmpv6 * * ::/0 ::/0
 39 4603 Broadcast all * * ::/0 ::/0
 8 520 DROP all * * ::/0 ::/0 ctstate INVALID
 0 0 DROP udp * * ::/0 ::/0 multiport dports 135,445 /* SMB */
 0 0 DROP udp * * ::/0 ::/0 udp dpts:137:139 /* SMB */
 0 0 DROP udp * * ::/0 ::/0 udp spt:137 dpts:1024:65535 /* SMB */
 1 60 DROP tcp * * ::/0 ::/0 multiport dports 135,139,445 /* SMB */
 0 0 DROP tcp * * ::/0 ::/0 tcp flags:!0x17/0x02
 23 3552 DROP udp * * ::/0 ::/0 udp spt:53 /* Late DNS Replies */

Chain Reject (3 references)
 pkts bytes target prot opt in out source destination
 0 0 reject tcp * * ::/0 ::/0 tcp dpt:113 /* Auth */
 0 0 AllowICMPs icmpv6 * * ::/0 ::/0
 0 0 Broadcast all * * ::/0 ::/0
 0 0 DROP all * * ::/0 ::/0 ctstate INVALID
 0 0 reject udp * * ::/0 ::/0 multiport dports 135,445 /* SMB */
 0 0 reject udp * * ::/0 ::/0 udp dpts:137:139 /* SMB */
 0 0 reject udp * * ::/0 ::/0 udp spt:137 dpts:1024:65535 /* SMB */
 0 0 reject tcp * * ::/0 ::/0 multiport dports 135,139,445 /* SMB */
 0 0 DROP tcp * * ::/0 ::/0 tcp flags:!0x17/0x02
 0 0 DROP udp * * ::/0 ::/0 udp spt:53 /* Late DNS Replies */

Chain dynamic (1 references)
 pkts bytes target prot opt in out source destination

Chain fw-net (1 references)
 pkts bytes target prot opt in out source destination
 42344 12M ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
 37830 3509K ACCEPT all * * ::/0 ::/0

Chain logdrop (0 references)
 pkts bytes target prot opt in out source destination
 0 0 DROP all * * ::/0 ::/0

Chain logflags (5 references)
 pkts bytes target prot opt in out source destination
 0 0 LOG all * * ::/0 ::/0 LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
 0 0 DROP all * * ::/0 ::/0

Chain logreject (0 references)
 pkts bytes target prot opt in out source destination
 0 0 reject all * * ::/0 ::/0

Chain net-fw (1 references)
 pkts bytes target prot opt in out source destination
 14642 1384K dynamic all * * ::/0 ::/0 ctstate INVALID,NEW,UNTRACKED
 44050 80M tcpflags tcp * * ::/0 ::/0
 72743 87M ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
 1 104 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128 /* Ping */
 13599 1309K Drop all * * ::/0 ::/0
 7 471 DROP all * * ::/0 ::/0

Chain reject (10 references)
 pkts bytes target prot opt in out source destination
 0 0 DROP all * * ff00::/8 ::/0
 0 0 DROP 2 * * ::/0 ::/0
 0 0 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
 0 0 REJECT udp * * ::/0 ::/0 reject-with icmp6-port-unreachable
 0 0 REJECT icmpv6 * * ::/0 ::/0 reject-with icmp6-addr-unreachable
 0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited

Chain sha-lh-44cf7217d9c279b3103e (0 references)
 pkts bytes target prot opt in out source destination

Chain sha-rh-4072bfdbdad509b043f3 (0 references)
 pkts bytes target prot opt in out source destination

Chain shorewall (0 references)
 pkts bytes target prot opt in out source destination
 0 0 all * * ::/0 ::/0 recent: SET name: %CURRENTTIME side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Chain tcpflags (1 references)
 pkts bytes target prot opt in out source destination
 0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x3F/0x29
 0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x3F/0x00
 0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x06/0x06
 0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x03/0x03
 0 0 logflags tcp * * ::/0 ::/0 [goto] tcp spt:0 flags:0x17/0x02
----- ipv6 ends -----

I have binkp on linode but it's firewalled to still keep it simple, but if you still miss shorewall try it

Regards Benny

.... there can only be one way of life, and it works :)
--- Msged/LNX 6.2.0 (Linux/4.0.5-gentoo (i686))
 * Origin: duggi.junc.org where qico is waiting (1:261/38.20)
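
An added example, not part of the message above or of Shorewall: a Python check that reads an `ip6tables -L -n -v` style listing like the one posted and reports where a named chain differs from the ICMPv6 type set that the AllowICMPs chain in the post accepts. The function names and the sample listing are constructed for illustration.

```python
import re

# ICMPv6 types accepted by the AllowICMPs chain in the post, grouped by the
# source restriction that chain applies to them.
ANY_SOURCE = {1, 2, 3, 4, 133, 134, 135, 136, 137, 141, 142, 148, 149}
LINK_LOCAL_ONLY = {130, 131, 132, 143, 151, 152, 153}

# The opt column is blank in the posted listing; "--" is tolerated in case a
# version prints it (assumption). Captures: in, out, source, destination, type.
RULE = re.compile(r"ACCEPT\s+icmpv6\s+(?:--\s+)?(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+"
                  r"ipv6-icmptype\s+(\d+)")

def chain_section(listing, name):
    """Return the rows of one chain; works on wrapped or flattened listings."""
    m = re.search(r"Chain %s \(.*?\)(.*?)(?=Chain \S+ \(|\Z)" % re.escape(name),
                  listing, re.S)
    return m.group(1) if m else ""

def accepted_types(rows):
    """Map ICMPv6 type -> set of source prefixes it is accepted from."""
    found = {}
    for _in, _out, src, _dst, icmp_type in RULE.findall(rows):
        found.setdefault(int(icmp_type), set()).add(src)
    return found

def audit(listing, chain="AllowICMPs"):
    """List (type, finding) pairs where the chain differs from the posted set."""
    found = accepted_types(chain_section(listing, chain))
    seen = set(found)
    findings = [(t, "missing") for t in sorted((ANY_SOURCE | LINK_LOCAL_ONLY) - seen)]
    findings += [(t, "not limited to fe80::/10")
                 for t in sorted(LINK_LOCAL_ONLY & seen) if found[t] != {"fe80::/10"}]
    findings += [(t, "extra") for t in sorted(seen - ANY_SOURCE - LINK_LOCAL_ONLY)]
    return findings

def _row(icmp_type, src):
    return f"    0     0 ACCEPT icmpv6    *  *  {src}  ::/0  ipv6-icmptype {icmp_type}\n"

# Constructed sample: type 134 dropped from the chain and type 130 opened to
# any source; the Ping rule sits in another chain and must not be counted.
SAMPLE = ("Chain AllowICMPs (2 references)\n"
          + "".join(_row(t, "::/0") for t in sorted(ANY_SOURCE - {134}))
          + "".join(_row(t, "::/0" if t == 130 else "fe80::/10")
                    for t in sorted(LINK_LOCAL_ONLY))
          + "Chain net-fw (1 references)\n" + _row(128, "::/0"))

if __name__ == "__main__":
    for icmp_type, finding in audit(SAMPLE):
        print(icmp_type, finding)
```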