31 Jan 2011, 2:04 p.m.
On Mon, 31 Jan 2011, Simon Perreault wrote:
> The command
>
> # ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT
>
> works on CentOS 5.5. And there's no documentation for it in "man ip6tables". So it fits the backport hypothesis...

While it may accept it, you may find it doesn't really work the way it should :) I had made the same assumption and discovered various problems. I ended up replacing it with:

    -A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT

which is what ip6tables ships with. You may need to adjust that port range depending on your apps.

Antonio Querubin
e-mail/xmpp: tony@lava.net
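
On adjusting the port range: the sketch below is an added example, not part of the original message. It builds the same two rules from a "LOW HIGH" pair in the format of /proc/sys/net/ipv4/ip_local_port_range, the sysctl Linux uses for kernel-assigned source ports on both IPv4 and IPv6 sockets. The function names are hypothetical, and it assumes replies only need to reach kernel-assigned ports; applications that bind their own source ports need their ranges added separately.

```shell
#!/bin/sh
# Added example: derive the stateless "reply traffic" rules from a port range.
# Chain name is the one used in the message above.
CHAIN="RH-Firewall-1-INPUT"

# valid_port N -> succeeds when N is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# stateless_reply_rules "LOW HIGH" -> prints two rules in ip6tables-save syntax
# Returns 1 (and prints nothing on stdout) when the range is malformed.
stateless_reply_rules() {
    # The sysctl separates the two numbers with a tab; read splits on it.
    read -r low high extra <<EOF
$1
EOF
    if [ -n "$extra" ] || ! valid_port "$low" || ! valid_port "$high" \
        || [ "$low" -gt "$high" ]; then
        echo "invalid port range: '$1'" >&2
        return 1
    fi
    # UDP: anything addressed to an ephemeral port is accepted.
    echo "-A $CHAIN -p udp -m udp --dport $low:$high -j ACCEPT"
    # TCP: same ports, but new connection attempts (SYN) are not accepted.
    echo "-A $CHAIN -p tcp -m tcp --dport $low:$high ! --syn -j ACCEPT"
}

# Constructed sample input (the range used in the message above).
stateless_reply_rules "32768 61000"

# On a live host the current range would be passed instead:
#   stateless_reply_rules "$(cat /proc/sys/net/ipv4/ip_local_port_range)"
```

Compare the output with any service listening inside the chosen range before loading it, since these rules accept traffic to those ports without tracking whether the host initiated the exchange.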