Leonid Isaev wrote:
Sorry, I lost you OP:)
Anyway, SuSEFirewall2 is just another frontend to iptables. The relevant file to look at, I believe, is /sbin/susefirewall, which is a shell script. There is indeed some IPv4 -- IPv6 asymmetry, which is related to the fact that older kernels didn;t have statefull IPv6 filtering (I can be wrong here).
Yep, it appears it doesn't do much for IPv6. I posted my susefirewall config file in another message.
The current state of the firewall is given by "iptables -L -v" and "ip6tables -L -v". You can save this state by doing iptables-save> /path/to/file, and then iptables-restore< /path/to/file on startup.
Just curious, are you saying that there are IPv6-only sites on the web?
Yes, one such is ipv6.google.com. I realize this isn't a good example, but over in Asia there simply are not enough IPv4 addresses available (most IPv4 addresses are used in North America) so many people there only have IPv6 available. I also read an article recently about how Comcast, in the U.S., has started switching to IPv6 because there's simply not enough addresses available in the entire RFC 1918 private address ranges to manage all the equipment on their network. With IPv4 they have to segment the network into sections, each running it's own pool of addresses, which causes problems for network management. IPv4 has been dead for years. People just haven't noticed the stink yet. Hacks, such as NAT, are simply a bandaid on the problem, when major surgery is required. In the process, those hacks introduce other problems. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org