-------- Original Message --------
Subject: [CentOS] IPv6, HE tunnel and ip6tables problems
From: Stephen Harris <lists at spuddy.org>
To: CentOS mailing list <centos at centos.org>
Date: Tuesday, January 11, 2011 1:09:25 PM

> CentOS 5.5, fully patched.
>
> I have a HE tunnel (tunnelbroker.net) IPv6 tunnel. This works pretty
> well and is simple to set up. Everything works fine.
>
> Until I try to set up an ip6tables firewall.
> ...
> It might be that I need to compile a generic kernel; apparently
> > 2.6.20 fixes a number of ip6tables issues; CentOS 5 is based on 2.6.18.
>
> Maybe CentOS 6 (*nudge nudge*) will work :-)
>
> I'm not sure I want to leave my home network on IPv6 without a firewall;
> not sure I trust all the machines I have on local network to be safe
> from remote probes!
>
> I wonder if anyone has any suggestions...
>
> Thanks!
>

I have been waiting for RHEL6/CentOS6 because, as I understand it, CentOS5 does not have a stateful IP6 firewall - e.g. incoming traffic would have to have a default ACCEPT policy or only specific applications allowed (based on source port) on a case by case basis.

Perhaps this is the issue you are running into. However, I would think you'd receive an error attempting to set "--state ESTABLISHED,RELATED" within iptables if this were the case.

I would be delighted if someone could share their experiences with ip6 and CentOS5, especially from a security or service provider standpoint.

--Blake