Sam, I was looking into this and I cannot reproduce it. Here is what I see on a freshly booted machine running Shorewall 4.0.6 with DISABLE_IPV6=yes:

ip6tables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0        anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0        anywhere             anywhere

So, I am left scratching my head. The policies are now DROP instead of accept. However, the source/destination are anywhere. Of course, a shorewall dump does not show anything called anywhere. So, I am not sure if this is some ip6tables shorthand or if it is bogus. If the former, I am inclined to think that it is wide-open on IPv6. If the latter, I am inclined to think that nothing is going to get through. The kicker is that a 'shorewall restart' does not change anything.

Any thoughts you have on this would be appreciated.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com