I am running multiple IPv6 subnets here in my testbed. My IPv6 'router' is a Centos box with IPv6forwarding turned on. It is also my RADVD server (over multiple VLans), and Miredo server/relay. I thought I had a simple ip6table setup that protected the box and let it forward. Well I am wrong. I got my previous DNS over IPv6 working on the DNS server, then tried to get it working from another box. After a couple hours fighting with it, I finally figured out that my Centos IPv6 router was rejecting the IPv6DNS queries, not forwarding them. I turned off ip6tables and the DNS lookups worked just fine. So I thought, well Shorewall6 beta is out, let's go with it already. I check out the shorewall discussions and discover you need at least the 2.6.25 kernel for Shorewall6. When I mentioned my dilemma, I was told that "2.6.18 doesn't support stateful IPv6 firewalling at all!" Just great...... When is that Centos 6 going to happen???? :( Anyway, the challenge for now: What do I put into ip6tables so that any IPv6 traffic that comes in any of the vlans on eth1 can go out any of the vlans on eth1?