[CentOS] Re: Learning some sad things about the state of IPv6

Fri May 30 18:13:08 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 5-30-2008 6:38 AM Robert Moskowitz spake the following:
> Matt Shields wrote:
>> On Fri, May 30, 2008 at 6:23 AM, Karanbir Singh 
>> <mail-lists at karan.org> wrote:
>>> Christopher Chan wrote:
>>>> The OP is not saying there is no ipv6 netfilter support. He said that
>>>> there is no ipv6 state netfilter module or something like that.
>>> In which case either you dont know what the OP is talking about, or he
>>> doesnt know what he asked :D
>> Exactly!!!  What he's complaining about is the lack of lazy-man's GUI
>> tool to configure ip6tables.
> Not so much as complaining, but looking at easy-of-use and time allocation.
> I have done iptables by hand and have used a few tools. One thing I like 
> about the tools I have found helpful is they have been good 'quick 
> starts' for learning what to do by hand!
> But my source is: 
> http://www.guug.de/veranstaltungen/ecai6-2007/slides/2007-ECAI6-Status-IPv6-Firewalling-PeterBieringer-Talk.pdf 
> Peter, who has been involved with IPv6 for a long time, covers NetFilter 
> on slide 8 and claims stateful support added in 2.6.20. Elsewhere I 
> found a reference that RHel would get this end-of-year 2008, and Fedora 
> Core 6 has it now. I looked in my /boot and saw that Centos is using 
> 2.6.18, and I concluded from all this that I would have to work with FC6 
> for the next half year. Seems this conclusion is mis-informed if this 
> NetFilter feature got backported already....
>> Are you absolutely sure that FWBuilder doesn't support IPv6?  Because
>> here there a release note
>> http://www.fwbuilder.org/docs/firewall_builder_release_notes.html
>> referring to ip6tables.
> I also saw that FWBuilder supports IPv6. But if the kernel only supports 
> stateless, then that is all you can do with FWBuider, I would think. My 
> one review of FWBuilder was that it was more than I needed at the time 
> and Shorewall would handle my needs for my one VoIP firewall. Well I 
> learned a lot using Shorewall. And Shorewall does NOT have IPv6 support, 
> I asked on their list.
> So now I go and build a box and see if I got enough to get the job done.
There is one thing to remember about Enterprise RedHat; you can't just assume 
what is in it by package version numbers alone. You have to read changelogs, 
and sometimes the patches themselves. Or just try it and see if it works or not.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080530/6732556b/attachment-0005.sig>