* Sam Morris <[EMAIL PROTECTED]>:
> Lorenzo Martignoni wrote:
> >but, as you can see, on my own system ipv6 seems to be disabled
> >correctly.
> >
> >What happens on your system if you clear all firewall rules and policies
> >and then issue a "shorewall start"?
> >
> >-- lorenzo
>
> Ok, the recent kernel-image-2.6.8-i386 security update gave me an
> opportunity to double check this. The output of 'ip6tables --list' after
> booting up shows that ACCEPT is the policy for all three chains. I am
> attaching the shorewall-init.log.
>
> Running 'shorewall start' does not change this ("Shorewall Already
> Started"). Running 'shorewall restart' does correctly set the chains'
> policy to DROP.
>
> Is it possible that the ipv6 kernel modules are not loaded when
> shorewall is started, and so shorewall doesn't bother running ip6tables
> to set the default policy?

I think you're right; the ipv6 module is not loaded automatically so
probably the code used to detect if ipv6 is enabled:

    disable_ipv6() {
        local foo="$(ip -f inet6 addr ls 2> /dev/null)"

fails to detect it and consequently ip6tables is not run.

On my system IPV6 is correctly disabled at boot. I don't think the cause
is a different version of Shorewall (my system runs Debian Sid) because
the code used to detect the presence of IPV6 is the same.

Please try to add ipv6 in your /etc/modules so that the module is loaded
at boot before shorewall startup and let me know what happens.

Thank you.

-- lorenzo
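
A post-boot check for the failure mode discussed in this thread, as an added example that is not part of the original messages or of Shorewall's code: it parses `ip6tables --list` output and reports any built-in chain whose policy is not DROP. The function name `open_ip6_chains` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Shorewall code): flag IPv6 chains left open after boot.
# Reads `ip6tables --list` text on stdin, prints each built-in chain whose
# policy is not DROP (or that is absent), and returns 1 if any were printed.
open_ip6_chains() {
    awk '
        # Chain headers look like "Chain INPUT (policy ACCEPT)"; with -v the
        # policy is followed by packet/byte counters before the ")".
        $1 == "Chain" && $3 == "(policy" {
            pol = $4
            sub(/\)$/, "", pol)
            seen[$2] = pol
        }
        END {
            n = split("INPUT FORWARD OUTPUT", want, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                c = want[i]
                if (!(c in seen)) { print c " MISSING"; bad = 1 }
                else if (seen[c] != "DROP") { print c " " seen[c]; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample: the state reported in the thread right after boot.
SAMPLE_AFTER_BOOT='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: the state reported after "shorewall restart".
SAMPLE_AFTER_RESTART='Chain INPUT (policy DROP)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination'

# Live use (as root, assumption: run once boot has finished):
#   ip6tables --list -n | open_ip6_chains || echo "IPv6 chains are open" >&2
```

Running the check after the firewall init script has completed catches the case where the ipv6 module is loaded only later, so the policies stay at ACCEPT even though the firewall reports itself as started.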