http://bugzilla.suse.com/show_bug.cgi?id=1099698 http://bugzilla.suse.com/show_bug.cgi?id=1099698#c12 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #12 from Jiri Slaby <jslaby@suse.com> --- Now I have:
6 624 ACCEPT icmpv6 * * ::/0 ::/0 ctstate NEW
The problem is that only few icmpv6 traffic is managed by conntrack. Hence, packets with the UNTRACKED state are dropped unless I add a custom rule '-p icmpv6 -j ACCEPT' (with no ctstate checking):
$ ip6tables -L -vn|grep icmpv6 26 1800 LOG icmpv6 * * ::/0 ::/0 ctstate UNTRACKED LOG flags 0 level 4 prefix "XXUNTR" 0 0 LOG icmpv6 * * ::/0 ::/0 ctstate NEW LOG flags 0 level 4 prefix "XXNEW" 0 0 LOG icmpv6 * * ::/0 ::/0 ctstate RELATED LOG flags 0 level 4 prefix "XXRELA" 0 0 LOG icmpv6 * * ::/0 ::/0 ctstate ESTABLISHED LOG flags 0 level 4 prefix "XXESTE" 0 0 LOG icmpv6 * * ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "XXINVA" 6 624 ACCEPT icmpv6 * * ::/0 ::/0 ctstate NEW 195 13736 ACCEPT icmpv6 * * ::/0 ::/0
-- You are receiving this mail because: You are on the CC list for the bug.