about ip6tables and FWB


about ip6tables and FWB

by Ethy H. Brito-2


Hi All

two simple (maybe dumb) questions:

1) why FWB (3.0.6 built 1309) complains about invalid netmask when
creating objects like ::/128 and ::1/128??

2) why my ip6tables rules are not generated at all? For instance rules
with mixed IPv4 and IPv6 objects have only its v4 part output. v6 only
rules are skipped. Did I miss some "Also generate IPv6 rules" switch?

Cheers

--

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3797-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Fwbuilder-discussion mailing list
Fwbuilder-discussion@...
https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion

Re: about ip6tables and FWB

by Vadim Kurland


On Aug 22, 2009, at 5:37 PM, Ethy H. Brito wrote:

>
> Hi All
>
> two simple (maybe dumb) questions:
>
> 1) why FWB (3.0.6 built 1309) complains about invalid netmask when
> creating objects like ::/128 and ::1/128??
>


it probably should allow /128 netmask, but then again, if you want to  
configure /128 address then you should be using AddressIPv6 object  
where you don't need to enter netmask



> 2) why my ip6tables rules are not generated at all? For instance rules
> with mixed IPv4 and IPv6 objects have only its v4 part output. v6 only
> rules are skipped. Did I miss some "Also generate IPv6 rules" switch?
>


the Policy object should be configured as "combined ipv4 and ipv6 rule  
set". To do this double click on the object in the tree and then make  
the change in the dialog in the right hand side panel.

Vadim Kurland
vadim@...

Re: about ip6tables and FWB

by Ethy H. Brito-2

On Sat, 22 Aug 2009 23:04:22 -0700
Vadim Kurland <vadim@...> wrote:

>
> On Aug 22, 2009, at 5:37 PM, Ethy H. Brito wrote:
>
> >
> > Hi All
> >
> > two simple (maybe dumb) questions:
> >
> > 1) why FWB (3.0.6 built 1309) complains about invalid netmask when
> > creating objects like ::/128 and ::1/128??
> >
>
>
> it probably should allow /128 netmask, but then again, if you want to  
> configure /128 address then you should be using AddressIPv6 object  
> where you don't need to enter netmask

Nope. if I let it without netmask FWB still complains.

> > 2) why my ip6tables rules are not generated at all? For instance rules
> > with mixed IPv4 and IPv6 objects have only its v4 part output. v6 only
> > rules are skipped. Did I miss some "Also generate IPv6 rules" switch?
> >

> the Policy object should be configured as "combined ipv4 and ipv6 rule  
> set". To do this double click on the object in the tree and then make  
> the change in the dialog in the right hand side panel.

That solved part of the problem, Vadim.
Some IPv6 rules get output some don't.

1) I have this rule with a 3 IPs host: 2 IPv4 and one IPv6 addrs.
The corresponding rule for IPv6 is not output.

The rule is:
from: GROUP "SMTP servers" (just one member for now - that 3 IP machine above)
to: any
interface: Internet
direction: out
Service: smtp, smtps
Stateful rule
Action: accept

2) a pure IPv6 rule did not show up:
from: user Network (fe80::/10) and user Address (::)
to: any
interface: internet
direction: inbound
action: DENY
stateless rule

If this helps I can send fw file. It is just a test I am doing here to
learn FWB behavior under mixed IPv4 and IPv6 environment.

Regards
Ethy
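
Added example, not part of the original thread and not Firewall Builder's own code or output: a sketch of the per-family split one would expect for the two rules described in the message above, which also shows that `::` (as `::/128`) and `fe80::/10` parse as valid IPv6 prefixes. The documentation-range addresses, the `eth0` interface name, ports 25/465 for smtp/smtps and the DENY-to-DROP mapping are assumptions.

```python
import ipaddress

# Constructed sample rules modelled on the two described in the message.
# Assumptions: documentation-range addresses, interface "eth0",
# smtp=25 / smtps=465, and fwbuilder "DENY" rendered as the DROP target.
SMTP_RULE = {"src": ["192.0.2.10", "198.51.100.10", "2001:db8::25"],
             "direction": "out", "iface": "eth0",
             "ports": [25, 465], "stateful": True, "target": "ACCEPT"}
LINKLOCAL_RULE = {"src": ["fe80::/10", "::"],
                  "direction": "in", "iface": "eth0",
                  "ports": [], "stateful": False, "target": "DROP"}


def split_by_family(objects):
    """Group address/prefix strings by IP version.

    strict=True raises ValueError if host bits are set beyond the prefix,
    so a malformed network object is rejected instead of silently masked.
    """
    families = {4: [], 6: []}
    for obj in objects:
        net = ipaddress.ip_network(obj, strict=True)
        families[net.version].append(net)
    return families


def render(rule):
    """Return one iptables/ip6tables command line per family, source and port."""
    outbound = rule["direction"] == "out"
    chain = "OUTPUT" if outbound else "INPUT"
    iface_flag = "-o" if outbound else "-i"
    state = " -m state --state NEW" if rule["stateful"] else ""
    lines = []
    for version, nets in split_by_family(rule["src"]).items():
        tool = "iptables" if version == 4 else "ip6tables"
        for net in nets:
            base = f"{tool} -A {chain} {iface_flag} {rule['iface']} -s {net}"
            if not rule["ports"]:
                lines.append(f"{base} -j {rule['target']}")
            for port in rule["ports"]:
                lines.append(f"{base} -p tcp --dport {port}{state} -j {rule['target']}")
    return lines


if __name__ == "__main__":
    for rule in (SMTP_RULE, LINKLOCAL_RULE):
        print("\n".join(render(rule)), end="\n\n")
```

Comparing a listing like this with the compiler's generated script shows quickly which address family was dropped from a mixed rule.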


Re: about ip6tables and FWB

by Vadim Kurland


On Aug 23, 2009, at 7:39 AM, Ethy H. Brito wrote:

> On Sat, 22 Aug 2009 23:04:22 -0700
> Vadim Kurland <vadim@...> wrote:
>
>>
>> On Aug 22, 2009, at 5:37 PM, Ethy H. Brito wrote:
>>
>>>
>>> Hi All
>>>
>>> two simple (maybe dumb) questions:
>>>
>>> 1) why FWB (3.0.6 built 1309) complains about invalid netmask when
>>> creating objects like ::/128 and ::1/128??
>>>
>>
>>
>> it probably should allow /128 netmask, but then again, if you want to
>> configure /128 address then you should be using AddressIPv6 object
>> where you don't need to enter netmask
>
> Nope. if I let it without netmask FWB still complains.
>


the AddressIPv6 object does not have input field for netmask at all.  
It looks like you are trying to use NetworkIPv6 object.


>>> 2) why my ip6tables rules are not generated at all? For instance rules
>>> with mixed IPv4 and IPv6 objects have only its v4 part output. v6 only
>>> rules are skipped. Did I miss some "Also generate IPv6 rules" switch?
>>>
>
>> the Policy object should be configured as "combined ipv4 and ipv6 rule
>> set". To do this double click on the object in the tree and then make
>> the change in the dialog in the right hand side panel.
>
> That solved part of the problem, Vadim.
> Some IPv6 rules get output some don't.
>
> 1) I have this rule with a 3 IPs host: 2 IPv4 and one IPv6 addrs.
> The corresponding rule for IPv6 is not output.
>
> The rule is:
> from: GROUP "SMTP servers" (just one member for now - that 3 IP machine above)
> to: any
> interface: Internet
> direction: out
> Service: smtp, smtps
> Stateful rule
> Action: accept
>
> 2) a pure IPv6 rule did not show up:
> from: user Network (fe80::/10) and user Address (::)
> to: any
> interface: internet
> direction: inbound
> action: DENY
> stateless rule
>
> If this helps I can send fw file. It is just a test I am doing here to
> learn FWB behavior under mixed IPv4 and IPv6 environment.
>

yes, please send the .fwb file


Vadim Kurland
vadim@...