http://www.netfilter.org/projects/iptables/files/changes-iptables-1.3.5.txt states that in
1.3.4 the state and conntrack modules for ipv6 were enabled.
http://archives.free.net.ph/message/20060118.061509.2b74ef18.en.html
seems to suggest that the kernel now has it enabled.
Is there any reason why Fedora Rawhide still does not have iptables
conntracking and state matching for ipv6?
Trever Adams
On Tue, 2005-08-23 at 22:17 -0600, Trever L. Adams wrote:
During the FC4 development cycle I mistakenly asked for 2.6.12 to be
included because it "had" the ip_conntrack for ipv6. This was based on
something I read. It turns out the person was misquoting. The USAGI
project was promising this for a patch for 2.6.12. It was never included
at least to my knowledge.
My wish list for FC5 includes the following:
TARPIT target for IPTABLES (I think it is already included).
connlimit (and friends) matching for the kernel, this exists in
documentation but has not yet made the mainstream kernel. Help should be
given to get it there and it should be included.
ip6_conntrack (or whatever it's name is) should be given similar help
and should be included.
Other than that, most of my wishes are ready being addressed. I do think
these are very important for both desktop and server/firewall machines.
Thank you,
Trever Adams
--
"I conceive that a great part of the miseries of mankind are brought
upon them by the false estimates they have made of the value of things."
-- Benjamin Franklin
--
"When they took the fourth amendment, I was quiet because I didn't deal
drugs. When they took the sixth amendment, I was quiet because I was
innocent. When they took the second amendment, I was quiet because I
didn't own a gun. Now they've taken the first amendment, and I can say
nothing about it." -- Tim Freeman