Default ip6tables rules
Dawid Gajownik
gajownik at gmail.com
Mon Oct 16 18:12:07 UTC 2006
Hi!
My University got few weeks ago IPv6 addresses from RIPE so I have now
chance to test IPv6 protocol :-) I started searching for IPv6 enabled
hosts in the Internet. ping6 worked, so had traceroute6. I could not
connect to ftp/www sites, though. I started wireshark and noticed, that
apps do not finish three-way handshake (no ACK packet). Disabling
ip6tables service resolved the problem...
Is something wrong with my box (network rawhide installation from 13
October) or these are normal firewall settings?
[root at viper ~]# service ip6tables status
Tablica: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all ::/0 ::/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all ::/0 ::/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all ::/0 ::/0
2 ACCEPT icmpv6 ::/0 ::/0
3 ACCEPT esp ::/0 ::/0
4 ACCEPT ah ::/0 ::/0
5 ACCEPT udp ::/0 ff02::fb/128 udp
dpt:5353
6 ACCEPT udp ::/0 ::/0 udp dpt:631
7 ACCEPT tcp ::/0 ::/0 tcp dpt:631
8 ACCEPT all ::/0 ::/0 state
RELATED,ESTABLISHED
9 ACCEPT tcp ::/0 ::/0 state
NEW tcp dpt:22
10 DROP all ::/0 ::/0
[root at viper ~]#
BTW I noticed that Firefox does not try to use IPv6 addresses before
IPv4 ones O_o
Regards,
Dawid
--
^_*
More information about the fedora-test-list
mailing list