#7 Enable IPv6 support for SuSEfirewall2

[Arjen Runsink]

As far as I know not mentioned elsewhere yet.

I found this using the linux adagium "use the source".

The SuSEfirewall2 says that IPv6 is not supported in the
script and that is because connection tracking is not yet in
the kernel.

Well, that is not true! The kernel with 9.2 does support it
(marked experimental). And the script does too!

How to get it working.. easy:

in /etc/sysconfig/SuSEfirewall2 set:

FW_IPv6="yes"

or to anything else then "no", "drop" or "reject"
and

FW_IPv6_REJECT_OUTGOING="no"

This works if you have native IPv6 _and_ IPv4 on the same
device(s) (internal and or from isp)
If you have a IPv6-over-IPv4 tunnel you need to do the
following extra items. This is necessary because the script
logic cannot handle device detection/verification for pure
IPv6 devices yet. So also change the following:

FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

If that file is not there, you can copy it
from /usr/share/doc/packages/SuSEfirewall2

And in that file add the following lines in the section
fw_custom_before_antispoofing()

ip6tables -A INPUT -j input_ext -i <tunnel device name
goes here>
ip6tables -A FORWARD -j forward_ext -i <tunnel device
name goes here>

restart the firewall and that did it for me