[CentOS] IPv6, HE tunnel and ip6tables problems

Tue Jan 11 20:45:42 UTC 2011
Ryan Wagoner <rswagoner at gmail.com>

On Tue, Jan 11, 2011 at 3:12 PM, Blake Hudson <blake at ispn.net> wrote:
> I have been waiting for RHEL6/CentOS6 because, as I understand it,
> CentOS5 does not have a stateful IP6 firewall - e.g. incoming traffic
> would have to have a default ACCEPT policy or only specific applications
> allowed (based on source port) on a case by case basis. Perhaps this is
> the issue you are running into. However, I would think you'd receive an
> error attempting to set "--state ESTABLISHED,RELATED" within iptables if
> this were the case.
> I would be delighted if someone could share their experiences with ip6
> and CentOS5, especially from a security or service provider standpoint.

I ended up using Vyatta as my firewall since it fully supports IPv6. I
played around with ip6tables in CentOS 5.5 and noticed that it seemed to
be missing some of the stateful features like the recent module. Vyatta
works flawlessly with IPv6 and the config syntax is easier than straight
iptables. I'm assuming CentOS 6 will work great once it comes out.