SuSEfirewall2 complains on "ip6table_mangle"...
(I sent this already to "suse-linux-e@suse.com", but didn't get any answer; I just hope that someone here can give me advice...)

Hi All,

I thought that everything is just OK with my ip6 settings under my SUSE 9.1, but very recently my firewall started to complain concerning "ip6table_mangle":

Sep 21 21:47:32 khazad-dum kernel: ip6_tables: (C) 2000-2002 Netfilter core team
Sep 21 21:47:32 khazad-dum kernel: ip_tables: (C) 2000-2002 Netfilter core team
Sep 21 21:47:32 khazad-dum kernel: ip_conntrack version 2.1 (4091 buckets, 32728 max) - 300 bytes per conntrack
Sep 21 21:47:32 khazad-dum kernel: ip6table_filter: Unknown parameter `ip6table_mangle'

I did the changes written by SUSE, how to disable ip6 networking, so in etc/modprobe.conf stands now:

alias net-pf-10 ipv6
install ipv6 /bin/true

Additionally in my /etc/sysconfig/SuSEfirewall2 is:

FW_IPv6="drop"
FW_IPv6_REJECT_OUTGOING="yes"

Could you please suggest a way to block ipv6 completely, but avoid the above-mentioned error message at the same time?! Do I actually need ip6_tables to be loaded?! (The machine is a stand-alone PC sometimes with eth0 via ip4, and sometimes with ppp0 via single dial-up...)

Thanks in advance,
Peli
Peli wrote:
> I thought that everything is just OK with my ip6 settings under my SUSE 9.1, but very recently my firewall started to complain concerning "ip6table_mangle":
>
> Sep 21 21:47:32 khazad-dum kernel: ip6_tables: (C) 2000-2002 Netfilter core team
> Sep 21 21:47:32 khazad-dum kernel: ip_tables: (C) 2000-2002 Netfilter core team
> Sep 21 21:47:32 khazad-dum kernel: ip_conntrack version 2.1 (4091 buckets, 32728 max) - 300 bytes per conntrack
> Sep 21 21:47:32 khazad-dum kernel: ip6table_filter: Unknown parameter `ip6table_mangle'
>
> I did the changes written by SUSE, how to disable ip6 networking, so in etc/modprobe.conf stands now:
>
> alias net-pf-10 ipv6
> install ipv6 /bin/true

You try to disable ipv6 here.

> Additionally in my /etc/sysconfig/SuSEfirewall2 is:
>
> FW_IPv6="drop"
> FW_IPv6_REJECT_OUTGOING="yes"

But you tell SuSEfirewall2 to use it at the same time.

> Could you please suggest a way to block ipv6 completely, but avoid the above-mentioned error message at the same time?! Do I actually need ip6_tables to be loaded?!

Set FW_IPv6=no if you don't want any IPv6 packet filtering.

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\   SUSE LINUX AG, Development
 V_/_  http://www.suse.de/
On Mon, 18 Oct 2004 11:21:14 +0200 Ludwig Nussel <xxxxxxxx@yyyy.zz> wrote:
> Peli wrote:
>> I thought that everything is just OK with my ip6 settings under my SUSE 9.1, but very recently my firewall started to complain concerning "ip6table_mangle":
>>
>> Sep 21 21:47:32 khazad-dum kernel: ip6_tables: (C) 2000-2002 Netfilter core team
>> Sep 21 21:47:32 khazad-dum kernel: ip_tables: (C) 2000-2002 Netfilter core team
>> Sep 21 21:47:32 khazad-dum kernel: ip_conntrack version 2.1 (4091 buckets, 32728 max) - 300 bytes per conntrack
>> Sep 21 21:47:32 khazad-dum kernel: ip6table_filter: Unknown parameter `ip6table_mangle'
>>
>> I did the changes written by SUSE, how to disable ip6 networking, so in etc/modprobe.conf stands now:
>>
>> alias net-pf-10 ipv6
>> install ipv6 /bin/true
>
> You try to disable ipv6 here.
>
>> Additionally in my /etc/sysconfig/SuSEfirewall2 is:
>>
>> FW_IPv6="drop"
>> FW_IPv6_REJECT_OUTGOING="yes"
>
> But you tell SuSEfirewall2 to use it at the same time.
>
>> Could you please suggest a way to block ipv6 completely, but avoid the above-mentioned error message at the same time?! Do I actually need ip6_tables to be loaded?!
>
> Set FW_IPv6=no if you don't want any IPv6 packet filtering.
>
> cu
> Ludwig

Hi Ludwig,

Thanks for your reply! I did as you suggested: simply defined FW_IPv6=no under YAST, but even after a restart the known error message is still there :(

I also tried to modify the firewall settings, and put not "ppp0 eth-id-00:c0:9f:3b:7c:d0", but "ppp0 eth0" there as external interface, without any recognizable effect :(

Peli
Peli wrote:
> On Mon, 18 Oct 2004 11:21:14 +0200 Ludwig Nussel <xxxxxxxx@yyyy.zz> wrote:
>> Peli wrote:
>>> I thought that everything is just OK with my ip6 settings under my SUSE 9.1, but very recently my firewall started to complain concerning "ip6table_mangle":
>>>
>>> Sep 21 21:47:32 khazad-dum kernel: ip6_tables: (C) 2000-2002 Netfilter core team
>>> Sep 21 21:47:32 khazad-dum kernel: ip_tables: (C) 2000-2002 Netfilter core team
>>> Sep 21 21:47:32 khazad-dum kernel: ip_conntrack version 2.1 (4091 buckets, 32728 max) - 300 bytes per conntrack
>>> Sep 21 21:47:32 khazad-dum kernel: ip6table_filter: Unknown parameter `ip6table_mangle'
>>> [...]
>>> Could you please suggest a way to block ipv6 completely, but avoid the above-mentioned error message at the same time?! Do I actually need ip6_tables to be loaded?!
>>
>> Set FW_IPv6=no if you don't want any IPv6 packet filtering.
> [...]
> I did as you suggested: simply defined FW_IPv6=no under YAST, but even after a restart the known error message is still there :(

The message is harmless. SuSEfirewall2 loads ip6table_filter and ip6table_mangle even if you set IPv6=no. It doesn't generate any rules though so it doesn't harm. If the messages really disturb you, you can uncomment the modprobe line in /sbin/SuSEfirewall2.

> I also tried to modify the firewall settings, and put not "ppp0 eth-id-00:c0:9f:3b:7c:d0", but "ppp0 eth0" there as external interface, without any recognizable effect :(

Of course. That has nothing to do with ipv6.

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\   SUSE LINUX AG, Development
 V_/_  http://www.suse.de/
Hi Ludwig,

I'm sorry to be extremely hard-headed, but I still have a short question concerning this IPv6 topic. I commented out this line in /sbin/SuSEfirewall2:

modprobe ip6table_filter ip6table_mangle

and the previously mentioned error message disappeared! But at the same time I tried this command as root from a shell, and immediately got an error message:

khazad-dum # modprobe ip6table_filter ip6table_mangle
FATAL: Error inserting ip6table_filter (/lib/modules/2.6.5-7.108-default/kernel/net/ipv6/netfilter/ip6table_filter.ko): Unknown symbol in module, or unknown parameter (see dmesg)

Interestingly, when I cut this command into two pieces, there was no error message at all:

khazad-dum: # modprobe ip6table_filter
khazad-dum: # modprobe ip6table_mangle

Could it be that in /sbin/SuSEfirewall2 the line I detailed would rather be put on TWO distinct modprobe lines, or do I miss an important point?!

Thanks for your help,
Peli
Peli wrote:
> [...]
> Interestingly, when I cut this command into two pieces, there was no error message at all:
>
> khazad-dum: # modprobe ip6table_filter
> khazad-dum: # modprobe ip6table_mangle
>
> Could it be that in /sbin/SuSEfirewall2 the line I detailed would rather be put on TWO distinct modprobe lines, or do I miss an important point?!

Yes, but since you have IPv6 disabled you don't need to load them anyways.

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\   SUSE LINUX AG, Development
 V_/_  http://www.suse.de/
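
Added example (not part of the thread and not SuSEfirewall2 code): modprobe takes one module name and treats any further words as parameters for that module unless -a/--all is given, which is why the combined line logged "Unknown parameter `ip6table_mangle'". The sketch below flags such lines in a script; the function names `suspect_params` and `scan_lines` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag "modprobe mod1 mod2" lines, where mod2 is handed to mod1
# as a parameter instead of being loaded as a second module.

# Print the bare words (no '=') after the first module name on one modprobe
# command line, unless -a/--all is given. Options that take an argument
# (e.g. -C file) are not handled by this sketch.
suspect_params() {
    set -f; set -- $1; set +f        # split the line into words, no globbing
    [ "$1" = "modprobe" ] || return 0
    shift
    all=0 module="" out=""
    for word in "$@"; do
        case $word in
            -a|--all) all=1 ;;
            -*|*=*)   ;;             # other options and name=value parameters
            *)  if [ -z "$module" ]; then
                    module=$word     # first bare word: the module to load
                else
                    out="${out:+$out }$word"
                fi ;;
        esac
    done
    if [ "$all" -eq 0 ] && [ -n "$out" ]; then
        printf '%s\n' "$out"
    fi
    return 0
}

# Read script text on stdin and report each offending line by number.
scan_lines() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        extra=$(suspect_params "$line")
        if [ -n "$extra" ]; then
            printf 'line %d: parsed as parameters, not modules: %s\n' "$n" "$extra"
        fi
    done
    return 0
}

# Constructed sample: the combined line from the thread and two safe forms.
sample='modprobe ip6table_filter ip6table_mangle
modprobe -a ip6table_filter ip6table_mangle
modprobe ip6table_filter'
printf '%s\n' "$sample" | scan_lines
```

Only the first sample line is reported; the `-a` form and the single-module form pass.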
participants (2)
- Ludwig Nussel
- Peli