Why has IPv6 support worsend in SUSE 9.3
L.S. Does anyone know why IPv6 support has moved backwards in SUSE 9.3? This has made me seriously move to *BSD for my SOHO firewall/router/server box. It was almoste perfect in 9.2 but in 9.3 we are back to a level that looks like pre millenium support for IPv4!! BB, Arjen
On Tue, May 31, 2005 at 10:57:56PM +0200, Arjen Runsink wrote:
Does anyone know why IPv6 support has moved backwards in SUSE 9.3?
This has made me seriously move to *BSD for my SOHO firewall/router/server box.
It was almoste perfect in 9.2 but in 9.3 we are back to a level that looks like pre millenium support for IPv4!!
Can you please elaborate? I'm not using IPv6 much but I didn't notice anything relevant from 9.2 to 9.3. Ciao Joerg -- Joerg Mayer <jmayer@loplof.de> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.
On Tuesday 31 May 2005 23:11, Joerg Mayer wrote:
It was almoste perfect in 9.2 but in 9.3 we are back to a level that looks like pre millenium support for IPv4!!
Can you please elaborate? I'm not using IPv6 much but I didn't notice anything relevant from 9.2 to 9.3.
The SUSE kernel in 9.2 has statefull package filtering/connection tracking. The only thing that did not work as supposed was to rejet packages. All filtered were silently dropped. In 9.3 we are back to stateless packet filtering/connectiontracking. As I happen to use this on my /48 ipv6 network, a safe filtered environment for my ipv6 machines behind the 9.3 soho router/firewall is out of the question for me atm. BB, Arjen
Arjen Runsink wrote:
On Tuesday 31 May 2005 23:11, Joerg Mayer wrote:
It was almoste perfect in 9.2 but in 9.3 we are back to a level that looks like pre millenium support for IPv4!!
Can you please elaborate? I'm not using IPv6 much but I didn't notice anything relevant from 9.2 to 9.3.
The SUSE kernel in 9.2 has statefull package filtering/connection tracking. The only thing that did not work as supposed was to rejet packages. All filtered were silently dropped.
In 9.3 we are back to stateless packet filtering/connectiontracking. As I happen to use this on my /48 ipv6 network, a safe filtered environment for my ipv6 machines behind the 9.3 soho router/firewall is out of the question for me atm.
Unfortunately the netfilter code changed a lot between the 9.2 and 9.3 kernel and stateful IPv6 filtering is not in mainline. The effort of porting the patches for stateful IPv6 was considered too high for 9.3. If you need stateful IPv6 you better stick with 9.2 and skip 9.3 :-( cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
participants (3)
-
Arjen Runsink
-
Joerg Mayer
-
Ludwig Nussel