Matt Shields wrote: > On Fri, May 30, 2008 at 6:23 AM, Karanbir Singh <mail-lists at karan.org> wrote: > >> Christopher Chan wrote: >> >>> The OP is not saying there is no ipv6 netfilter support. He said that >>> there is no ipv6 state netfilter module or something like that. >>> >> In which case either you dont know what the OP is talking about, or he >> doesnt know what he asked :D >> >> > Exactly!!! What he's complaining about is the lack of lazy-man's GUI > tool to configure ip6tables. > Not so much as complaining, but looking at easy-of-use and time allocation. I have done iptables by hand and have used a few tools. One thing I like about the tools I have found helpful is they have been good 'quick starts' for learning what to do by hand! But my source is: http://www.guug.de/veranstaltungen/ecai6-2007/slides/2007-ECAI6-Status-IPv6-Firewalling-PeterBieringer-Talk.pdf Peter, who has been involved with IPv6 for a long time, covers NetFilter on slide 8 and claims stateful support added in 2.6.20. Elsewhere I found a reference that RHel would get this end-of-year 2008, and Fedora Core 6 has it now. I looked in my /boot and saw that Centos is using 2.6.18, and I concluded from all this that I would have to work with FC6 for the next half year. Seems this conclusion is mis-informed if this NetFilter feature got backported already.... > Are you absolutely sure that FWBuilder doesn't support IPv6? Because > here there a release note > http://www.fwbuilder.org/docs/firewall_builder_release_notes.html > referring to ip6tables. > I also saw that FWBuilder supports IPv6. But if the kernel only supports stateless, then that is all you can do with FWBuider, I would think. My one review of FWBuilder was that it was more than I needed at the time and Shorewall would handle my needs for my one VoIP firewall. Well I learned a lot using Shorewall. And Shorewall does NOT have IPv6 support, I asked on their list. So now I go and build a box and see if I got enough to get the job done.