Patrick Shanahan wrote:
* C. Brouerius van Nidek <constant@indo.net.id> [09-03-05 07:37]:
Starting Firewall Initialization (phase 2 of 2) SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Your system does not support ipv6. Do a google search 'site:suse.com
Not true, Patrick. This warning message only happens if the kernel *does* support ipv6, but the ipv6 state matching module is not available. "State matching" means determining if a packet is a NEW connection, if it is RELATED to another established connection, or if it is part of an ESTABLISHED connection (and, if done as part of connection tracking, if it is a NAT translated packet). I always thought ip6tables does support state matching, but I find that the necessary module, ip6t_state, does not even exist on my system (no connection tracking modules for ipv6 either, for that matter). Maybe for some reason it just isn't compiled into the SuSE kernel, because the manpage for ip6tables does suggest that state matching is supported -- it works great in iptables. For Constant: I don't think you will be able to get rid of the warning message ("... extended support disabled") but you can get rid of the other stuff. Go into Yast, System, /etc/sysconfig editor, then set all the following variables to "no": Desktop/KDE_USES_IPV6 Network/Firewall/FW_IPV6 Hardware/Config/USE_IPV6 Also in /etc/modprobe.conf you will find the following lines (well, you actually don't need to --find-- either one :) ) -- alias sit0 ipv6 alias net-pf-10 ipv6 One of these lines is responsible for the ipv6 module being loaded somewhere in the boot process, and you don't need it at all. Add a line "install ipv6 /bin/true" to /etc/modprobe.conf.local which should prevent the ipv6 module from being loaded at all. I am not sure if this is actually necessary -- I didn't add it in, but the ipv6 module is still being loaded on my system, and rmmod says it is in use when I try to remove it. It's just that you don't need the ipv6 module loaded, it isn't being used and just takes up memory.