Re: [Fwbuilder-discussion] about ip6tables and FWB
From: Vadim K. <va...@vk...> - 2009-08-23 15:27:02
On Aug 23, 2009, at 7:39 AM, Ethy H. Brito wrote:

> On Sat, 22 Aug 2009 23:04:22 -0700
> Vadim Kurland <va...@vk...> wrote:
>
>> On Aug 22, 2009, at 5:37 PM, Ethy H. Brito wrote:
>>
>>> Hi All
>>>
>>> two simple (maybe dumb) questions:
>>>
>>> 1) why FWB (3.0.6 built 1309) complains about invalid netmask when
>>> creating objects like ::/128 and ::1/128??
>>>
>>
>> it probably should allow /128 netmask, but then again, if you want to
>> configure /128 address then you should be using AddressIPv6 object
>> where you don't need to enter netmask
>
> Nope. if I let it without netmask FWB still complains.
>

the AddressIPv6 object does not have input field for netmask at all.
It looks like you are trying to use NetworkIPv6 object.

>>> 2) why my ip6tables rules are not generated at all? For instance rules
>>> with mixed IPv4 and IPv6 objects have only its v4 part output. v6 only
>>> rules are skipped. Did I miss some "Also generate IPv6 rules" switch?
>>>
>
>> the Policy object should be configured as "combined ipv4 and ipv6 rule
>> set". To do this double click on the object in the tree and then make
>> the change in the dialog in the right hand side panel.
>
> That solved part of the problem, Vadim.
> Some IPv6 rules get output some don't.
>
> 1) I have this rule with a 3 IPs host: 2 IPv4 and one IPv6 addrs.
> The corresponding rule for IPv6 is not output.
>
> The rule is:
> from: GROUP "SMTP servers" (just one member for now - that 3 IP
> machine above)
> to: any
> interface: Internet
> direction: out
> Service: smtp, smtps
> Stateful rule
> Action: accept
>
> 2) a pure IPv6 rule did not show up:
> from: user Network (fe80::/10) and user Address (::)
> to: any
> interface: internet
> direction: inbound
> action: DENY
> stateless rule
>
> If this helps I can send fw file. It is just a test I am doing here to
> learn FWB behavior under mixed IPv4 and IPv6 environment.
>

yes, please send the .fwb file

Vadim Kurland
va...@vk...