[Shorewall-users] 2.0 Upgrade issues - IPv6 ?

Tom Eastep teastep at shorewall.net
Mon Mar 15 10:31:32 PST 2004


On Monday 15 March 2004 10:10 am, K.-P. Kirchdörfer wrote:
> Am Montag, 15. März 2004 18:24 schrieb Bill.Light at kp.org:
> > Tried 2.0 - Fairly painless installation - as usual, Tom.
> >
> > Startup does NOT run smoothly:
> >
> > I get an error message about not having a recent version of iptables or
> > not having IPv6
> >
> > rpm -qa | grep iptables
> >
> > iptables-1.2.7a-174
> >
> > In shorewall.conf file I see the blurb about DISABLE_IPV6 and left it at
> > "Yes" - I'm NOT running IPv6 so it looks like that setting will "protect"
> > me from IPv6 attacks....   (I could be reading it wrong)
>
> IMHO; if you don't run ipv6 you you can set it to NO, because it's
> senseless to DROP packages on interfaces you'll never receive anything.

And if ip6tables isn't installed then Shorewall can't use that utility to 
disable IPV6 so setting the variable to Yes is nonsensical. 

I don't understand how Bill upgraded to 2.0 -- his existing shorewall.conf 
file shouldn't have had DISABLE_IPV6 specified at all; if that file is 
retained (which is the default behavior of rpm) then the message that I 
posted earlier should not be issued at all.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-users mailing list