Arjen Runsink wrote:
On Tuesday 31 May 2005 23:11, Joerg Mayer wrote:
It was almoste perfect in 9.2 but in 9.3 we are back to a level that looks like pre millenium support for IPv4!!
Can you please elaborate? I'm not using IPv6 much but I didn't notice anything relevant from 9.2 to 9.3.
The SUSE kernel in 9.2 has statefull package filtering/connection tracking. The only thing that did not work as supposed was to rejet packages. All filtered were silently dropped.
In 9.3 we are back to stateless packet filtering/connectiontracking. As I happen to use this on my /48 ipv6 network, a safe filtered environment for my ipv6 machines behind the 9.3 soho router/firewall is out of the question for me atm.
Unfortunately the netfilter code changed a lot between the 9.2 and 9.3 kernel and stateful IPv6 filtering is not in mainline. The effort of porting the patches for stateful IPv6 was considered too high for 9.3. If you need stateful IPv6 you better stick with 9.2 and skip 9.3 :-( cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/