I have this in /etc/iptables/ip6tables.rules:
Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmpv6 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i internal -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i internal -o external -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -p icmpv6 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
but wide-dhcpv6 keeps hanging, just endlessly repeating the following:
Code:
Apr 22 21:59:52 ROUTER dhcp6c[325]: copy_option: set client ID (len 14)
Apr 22 21:59:52 ROUTER dhcp6c[325]: copy_option: set elapsed time (len 2)
Apr 22 21:59:52 ROUTER dhcp6c[325]: copy_option: set option request (len 2)
Apr 22 21:59:52 ROUTER dhcp6c[325]: copyout_option: set IA_PD
Apr 22 21:59:52 ROUTER dhcp6c[325]: client6_send: send solicit to ff02::1:2%external
Apr 22 21:59:52 ROUTER dhcp6c[325]: dhcp6_reset_timer: reset a timer on external, state=SOLICIT, timeo=4, retrans=17700
Apr 22 22:00:10 ROUTER dhcp6c[325]: copy_option: set client ID (len 14)
Apr 22 22:00:10 ROUTER dhcp6c[325]: copy_option: set elapsed time (len 2)
Apr 22 22:00:10 ROUTER dhcp6c[325]: copy_option: set option request (len 2)
Apr 22 22:00:10 ROUTER dhcp6c[325]: copyout_option: set IA_PD
<just repeated over and over>
.
.
.
Disabling ip6tables immediately causes the response to be accepted, and I get an IPv6 address from the ISP.
So how on earth are these rules blocking this? I'm allowing all icmpv6 messages through.
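Added example (not part of the original post): a simplified Python model of the posted INPUT chain and of conntrack's reply matching. DHCPv6 is UDP (client port 546, server port 547), not ICMPv6, and the Solicit in the log goes to multicast ff02::1:2 while the reply arrives from a unicast address, so the reply is not the inverse of any tracked flow and is classed as NEW. The addresses, the packet values and the extra rule `dhcpv6_client_rule` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def conntrack_state(pkt, tracked):
    """ESTABLISHED only if pkt is the exact inverse of a tracked outgoing flow."""
    for out in tracked:
        if (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) == \
           (out.proto, out.dst, out.dport, out.src, out.sport):
            return "ESTABLISHED"
    return "NEW"

# INPUT rules from the post, in order, as predicates on (packet, state).
POSTED_INPUT = [
    lambda p, s: p.proto == "icmpv6",                # -p icmpv6
    lambda p, s: p.iface == "lo",                    # -i lo
    lambda p, s: p.iface == "internal",              # -i internal
    lambda p, s: s in ("RELATED", "ESTABLISHED"),    # -m state --state ...
]

def dhcpv6_client_rule(p, s):
    # Assumed extra rule, not from the post:
    # -A INPUT -i external -p udp -d fe80::/10 --dport 546 -j ACCEPT
    link_local = ipaddress.ip_network("fe80::/10")
    return (p.iface == "external" and p.proto == "udp" and p.dport == 546
            and ipaddress.ip_address(p.dst) in link_local)

def verdict(pkt, rules, tracked):
    state = conntrack_state(pkt, tracked)
    return "ACCEPT" if any(r(pkt, state) for r in rules) else "DROP"  # policy DROP

# Constructed sample addresses and packets.
CLIENT, SERVER = "fe80::1", "fe80::2"
SOLICIT = Packet("external", "udp", CLIENT, 546, "ff02::1:2", 547)   # sent by dhcp6c
ADVERTISE = Packet("external", "udp", SERVER, 547, CLIENT, 546)      # server's reply

if __name__ == "__main__":
    print(conntrack_state(ADVERTISE, [SOLICIT]))
    print(verdict(ADVERTISE, POSTED_INPUT, [SOLICIT]))
    print(verdict(ADVERTISE, POSTED_INPUT + [dhcpv6_client_rule], [SOLICIT]))
```

The assumed rule is scoped to the uplink interface, UDP destination port 546 and link-local destinations, so it admits only what the DHCPv6 client needs to receive.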