On Tue, Jan 11, 2011 at 3:12 PM, Blake Hudson <blake at ispn.net> wrote:
>
> I have been waiting for RHEL6/CentOS6 because, as I understand it,
> CentOS5 does not have a stateful IP6 firewall - e.g. incoming traffic
> would have to have a default ACCEPT policy or only specific applications
> allowed (based on source port) on a case by case basis. Perhaps this is
> the issue you are running into. However, I would think you'd receive an
> error attempting to set "--state ESTABLISHED,RELATED" within iptables if
> this were the case.
>
> I would be delighted if someone could share their experiences with ip6
> and CentOS5, especially from a security or service provider standpoint.
>

I ended up using Vyatta as my firewall since it fully supports IPv6. I played around with ip6tables in CentOS 5.5 and noticed that it seemed to be missing some of the stateful features like the recent module. Vyatta works flawlessly with IPv6 and the config syntax is easier than straight iptables. I'm assuming CentOS 6 will work great once it comes out.

Ryan