g.spellauge wrote:
> thanks, but what i do not understand is the fact, that v6-traffic (even
> the responses to http-requests) is completely blocked after successfully
> receiving a few echo-replies?

Because after some time the neighbour cache entry expires and needs to be refreshed, but your ruleset drops the required ICMPv6 neighbour discovery packets.

> if i modify
>
> ${IPT} -A INPUT -i ${INE_IFACE} -m state --state ESTABLISHED,RELATED -j ACCEPT
> ${IPT} -A INPUT -i ${INE_IFACE} -p icmpv6 -j ACCEPT --match limit --limit 10/minute
>
> everything works fine.

Well, the last rule accepts enough ICMPv6 packets to refresh the neighbour cache. Note however that 10/minute may not be enough if the host is communicating with many neighbours.
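
Added example, not part of the original message: one way to keep neighbour discovery out of the rate limit discussed above is to accept the ND message types in their own rules, placed before the limited catch-all ICMPv6 rule. `IPT` and `INE_IFACE` reuse the variable names from the quoted ruleset; their default values, the choice of ND types and the hop-limit match are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. IPT and INE_IFACE mirror the quoted
# ruleset's variable names; the default values below are assumptions.
IPT="${IPT:-ip6tables}"
INE_IFACE="${INE_IFACE:-eth0}"

# ICMPv6 neighbour discovery types (RFC 4861) a host needs to receive:
# 134 router advertisement (only if the host relies on RAs),
# 135 neighbour solicitation, 136 neighbour advertisement.
ND_TYPES="134 135 136"

# Print the INPUT rules in the order they should be appended.
nd_ruleset() {
    echo "${IPT} -A INPUT -i ${INE_IFACE} -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for t in ${ND_TYPES}; do
        # Valid ND packets arrive with hop limit 255, so the hl match
        # drops anything that was forwarded from off-link.
        echo "${IPT} -A INPUT -i ${INE_IFACE} -p icmpv6 --icmpv6-type ${t} -m hl --hl-eq 255 -j ACCEPT"
    done
    # Everything else in ICMPv6 (echo etc.) keeps the limit from the thread,
    # so a busy neighbour table can no longer exhaust it.
    echo "${IPT} -A INPUT -i ${INE_IFACE} -p icmpv6 -m limit --limit 10/minute -j ACCEPT"
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to load them.
apply_nd_ruleset() {
    nd_ruleset | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            ${rule}
        else
            echo "${rule}"
        fi
    done
}

apply_nd_ruleset
```

After loading, `ip -6 neigh show` should keep listing the peers as REACHABLE or STALE rather than FAILED once the initial cache entries age out.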