[135996] in North American Network Operators' Group
Re: Ipv6 for the content provider
daemon@ATHENA.MIT.EDU (Randy McAnally)
Mon Jan 31 13:30:37 2011
From: "Randy McAnally" <rsm@fast-serv.com>
To: Blake Hudson <blake@ispn.net>,nanog@nanog.org
Date: Mon, 31 Jan 2011 13:29:18 -0500
In-Reply-To: <4D46F712.2010407@ispn.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, 31 Jan 2011 11:53:22 -0600, Blake Hudson wrote
> > # ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> I guess the next question is whether or not it actually works correctly....
You can open/shut ports but you can't do anything with connection state
(RELATED, ESTABLISHED, ect). For example, you have to open all upper inbound
ports manually if you want to complete outbound connections.
The solution is to manually build your own kernel from a vanilla source, along
with all the problems that entails.
~Randy
