Arjen Runsink wrote:
As far as I know not mentioned elsewhere yet. I found this using the linux adagium "use the source".
The SuSEfirewall2 says that IPv6 is not supported in the script and that is because connection tracking is not yet in the kernel.
Well, that is not exactly true. The kernel with 9.2 does support it (marked experimental). And the script does too!
How to get it working.. easy:
in /etc/sysconfig/SuSEfirewall2 set:
FW_IPv6="yes"
or to anything else then "no", "drop" or "reject"
SuSEfirwewall2 is supposed to automatically detect whether IPv6 support is available if FW_IPv6 is empty (which is the default). Does that not work for you? Did you maybe update from some older version and therefore have old comments in /etc/sysconfig/SuSEfirewall2?
and
FW_IPv6_REJECT_OUTGOING="no"
This variable only matters if stateful ipv6 filtering is not supported by the kernel/ip6tables.
This works if you have native IPv6 _and_ IPv4 on the same device(s) (internal and or from isp) If you have an IPv6 over IPv4 tunnel you need to do the following extra items. This is necessary because the script logic cannot handle device detection/verification for pure IPv6 devices yet. So also change the following:
You can find SuSEfirewall2 beta versions in people/lnussel on the ftp server btw. I changed the way interfaces are detected so v6-only interfaces should work as well now. Feedback welcome. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/