On 01/19/2011 03:52 PM, James Knott wrote:
Togan Muftuoglu wrote:
you should see 1 if this box is doing ipv6 forwarding
You seem to have forgotten the original problem. It wasn't getting IPv6 going. It works fine. The problem is the firewall appears to work only with IPv4. When I run nmap for IPv4, it shows only ssh and imaps open, as it should. But with IPv6, several ports are open that shouldn't be. In the example which I included with my previous message, it shows other examples, including one that allows only ssh to pass in both directions with IPv6. This isn't what I want. I should be able to filter incoming, while leaving outgoing wide open, as occurs with IPv4.
Sorry about that. You can do two things to narrow down the problem:

1) Run "SuSEfirewall2 test", which generates and loads the filter rules but does not drop any packet, logging to syslog anything which *would* be denied (I would not suggest it though), OR

2) Set the following as shown and run "SuSEfirewall2", as this option still provides the protection but logs all the packets.

FW_LOG_ACCEPT_ALL="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_LIMIT="no"

After deciding on your approach, run the nmap test (I assume you are running it from outside the firewall) and check the logs. It should give more of a clue. Once your test is done, change the above back to the original values, as they do cause lots of logging.

HTH
Togan
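Added example, not part of the original message: once the nmap run has been logged with the settings above, a short script can list the ports the firewall accepted over IPv6 but not over IPv4. The log lines are constructed, the "SFW2-...-ACC/-DROP" prefix style is an assumption about how the rules tag their log entries, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: kernel LOG-target lines as they might appear in syslog.
# The "SFW2-...-ACC" / "SFW2-...-DROP" prefix style is an assumption.
SAMPLE_LOG = """\
Jan 19 16:10:01 fw kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 19 16:10:01 fw kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=993 SYN
Jan 19 16:10:02 fw kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40003 DPT=111 SYN
Jan 19 16:10:02 fw kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40004 DPT=631 SYN
Jan 19 16:12:01 fw kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=2001:db8::10 DST=2001:db8::1 LEN=80 TC=0 HOPLIMIT=64 PROTO=TCP SPT=40011 DPT=22 SYN
Jan 19 16:12:01 fw kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=2001:db8::10 DST=2001:db8::1 LEN=80 TC=0 HOPLIMIT=64 PROTO=TCP SPT=40012 DPT=993 SYN
Jan 19 16:12:02 fw kernel: SFW2-INext-ACC IN=eth0 OUT= SRC=2001:db8::10 DST=2001:db8::1 LEN=80 TC=0 HOPLIMIT=64 PROTO=TCP SPT=40013 DPT=111 SYN
Jan 19 16:12:02 fw kernel: SFW2-INext-ACC IN=eth0 OUT= SRC=2001:db8::10 DST=2001:db8::1 LEN=80 TC=0 HOPLIMIT=64 PROTO=TCP SPT=40014 DPT=631 SYN
"""

LINE_RE = re.compile(
    r"(?P<prefix>SFW2-\S+)\s.*?\bSRC=(?P<src>\S+)\s"
    r".*?\bPROTO=(?P<proto>\S+)\s.*?\bDPT=(?P<dpt>\d+)"
)

def summarize(log_text):
    """Map (family, verdict) -> set of (proto, dport) seen in the log."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a firewall line, or no port field (e.g. ICMP)
        family = "ipv6" if ":" in m["src"] else "ipv4"
        if "-ACC" in m["prefix"]:
            verdict = "accept"
        elif "-DROP" in m["prefix"] or "-REJ" in m["prefix"]:
            verdict = "deny"
        else:
            continue  # unknown prefix: do not guess a verdict
        seen[(family, verdict)].add((m["proto"].lower(), int(m["dpt"])))
    return seen

def ipv6_only_accepts(log_text):
    """Ports accepted over IPv6 that were never accepted over IPv4."""
    seen = summarize(log_text)
    return sorted(seen[("ipv6", "accept")] - seen[("ipv4", "accept")])

if __name__ == "__main__":
    for proto, port in ipv6_only_accepts(SAMPLE_LOG):
        print(f"accepted over IPv6 only: {proto}/{port}")
```

The comparison is only meaningful if the same scan was run against both the IPv4 and the IPv6 address while logging was enabled.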