reassign 333365 kernel-source-2.6.8-2 thanks On Tue, Oct 11, 2005 at 05:15:48PM +0200, Benoit Panizzon wrote: > Package: kernel-image-2.6.8-2-686-smp > Version: 2.6.8-16 > Severity: important > > > Hello > > Just had a few problems I cannot explain except in a kernel bug: > > I would have to secure a box the way it is not accessible from unallowed > networks. > > So this is my code: > > iptables -P INPUT DROP > ip6tables -P INPUT DROP > #----------------------------------------------- > # IPv4 statefull > iptables -A INPUT -i lo -j ACCEPT > iptables -A INPUT -s 157.161.4.0/24 -j ACCEPT > iptables -A INPUT -p tcp --destination-port http -j ACCEPT > iptables -A INPUT -p tcp --destination-port nsca -j ACCEPT > iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > #----------------------------------------------- > # IPv6 (not statefull) > ip6tables -A INPUT -i lo -j ACCEPT > ip6tables -A INPUT -s 2001:4060:1:4133::/64 -j ACCEPT > ip6tables -A INPUT -p tcp --destination-port http -j ACCEPT > ip6tables -A INPUT -p tcp ! --syn -j ACCEPT > > > After this code everything is fine for about 10 minutes (from within > 2001:4060:1:4133::/64). > And then, suddenly the machine is not reachable via IPv6 anymore. > > ip6tables -F and reloading the rules solves the problem for the next 10 > minutes or so... > > Any idea?
That does sould a lot like a kernel bug to me too. Could you please test the 2.6.12-2.99.sarge1 backport to sarge to see if it has been resolved upstream between 2.6.8 and 2.6.12. http://packages.vergenet.net/testing/linux-2.6/ -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
