Package: conntrackd
Version: 1:1.2.1-1
Severity: normal

Hi,

conntrackd's IPv6 kernel space filtering seems to be broken (at least with
wheezy's 3.2.0-3-amd64). When using kernel-space filtering in conntrackd and
specifying *any* IPv6 ignore entries, then no IPv6 connection states are
propagated by conntrackd. The problem does not exist when using userspace
filtering.
IOW, the following config snippet causes all IPv6 entries to be ignored:

Filter From Kernelspace {
    Protocol Accept {
        TCP
        SCTP
        DCCP
    }
    Address Ignore {
        IPv4_address 127.0.0.1
        IPv4_address 192.0.2.128/31
        IPv4_address 192.0.2.130
        IPv6_address ::1
    }
}

Removing the IPv6_address line, or converting to Userspace makes things work.
Regards,
Apollon
-- System Information:
Debian Release: 6.0.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable'), (80,
'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages conntrackd depends on:
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libnetfilter-conntrack3 1.0.1-1 Netfilter netlink-conntrack librar
ii libnfnetlink0 1.0.0-1 Netfilter netlink library
conntrackd recommends no packages.
conntrackd suggests no packages.
-- no debconf information
--
Apollon Oikonomopoulos [email protected]
Skroutz S.A. http://skroutz.gr
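
An added example, not part of the original report or of conntrackd: a small configuration check that flags the combination described above, an IPv6_address entry inside the Address Ignore block of a kernel-space filter, so that a firewall pair silently not synchronising IPv6 state can be caught in review. The function name and the sample text are hypothetical, and the parser assumes the brace layout shown in the report.

```python
import re

# Constructed sample: a shortened form of the Filter clause from the report.
SAMPLE_CONF = """\
Filter From Kernelspace {
    Protocol Accept {
        TCP
    }
    Address Ignore {
        IPv4_address 127.0.0.1
        IPv6_address ::1   # the entry the report ties to the problem
    }
}
"""


def kernelspace_ipv6_ignores(conf_text):
    """Return (line_no, address) for every IPv6_address entry found in an
    'Address Ignore' block nested in a 'Filter From Kernelspace' clause."""
    findings = []
    stack = []  # headers of the currently open { } blocks, outermost first
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.endswith("{"):
            # Normalise the block header, e.g. "filter from kernelspace"
            stack.append(" ".join(line[:-1].split()).lower())
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        m = re.match(r"IPv6_address\s+(\S+)", line, re.IGNORECASE)
        if (m and stack and stack[-1] == "address ignore"
                and "filter from kernelspace" in stack):
            findings.append((line_no, m.group(1)))
    return findings


if __name__ == "__main__":
    for line_no, addr in kernelspace_ipv6_ignores(SAMPLE_CONF):
        print(f"line {line_no}: IPv6_address {addr} in kernel-space filter")
```
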