OpenWrt Forum Archive

Topic: module state in ip6tables

The content of this topic has been archived on 7 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
thierry_b
16 Dec 2007, 09:56

Hello,

I have 2 routers:

- one with whiterussian which is my principal router
-one with kamikaze to make some tests

Since few days, the french adsl operator free give us the possibility to have ipv6, it gives us a xxx/64 bloc.

My router manages to have an ipv6 on his wan interface, and now I have to give ipv6 adresses of the computers of my lan xith radvd.

So I try to do rules with ip6tables.

I remark that I can't use the module state in ip6tables (in whiterussian rc5 and kamikaze 7.09), which is essential for me to share the ipv6 connection, because in default, all is isopen, so I prefere block all, and open what I need.

Is it possible to do that and if not, how rules can  I make to replace that?

PS: I post that in whiterussian and kamikaze section, because I have both.

Thanks.

(Last edited by thierry_b on 16 Dec 2007, 10:00)

Post #2
thierry_b
31 Dec 2007, 13:22

Hello,

Some news about that, to have a stateful firewall in ipv6 with ip6tables + wifi for broadcom devices?

For the moment, in my FORWARD rules, i block for all ports < 1024 and in my clients which are under Debian I can use the stateful firewall in ipv6 with ip6tables

And when I want to authorize a port for an ipv6 machine, I put a rule in my routeur + a rule in the concerned client :-(.

Thanks :-)

The discussion might have continued from here.