http://www.netfilter.org/projects/iptables/files/changes-iptables-1.3.5.txt states that in 1.3.4 the state and conntrack modules for ipv6 were enabled.
http://archives.free.net.ph/message/20060118.061509.2b74ef18.en.html seems to suggest that the kernel now has it enabled.
Is there any reason why Fedora Rawhide still does not have iptables conntracking and state matching for ipv6?
Trever Adams
On Tue, 2005-08-23 at 22:17 -0600, Trever L. Adams wrote:
During the FC4 development cycle I mistakenly asked for 2.6.12 to be included because it "had" the ip_conntrack for ipv6. This was based on something I read. It turns out the person was misquoting. The USAGI project was promising this for a patch for 2.6.12. It was never included at least to my knowledge.
My wish list for FC5 includes the following: TARPIT target for IPTABLES (I think it is already included).
connlimit (and friends) matching for the kernel, this exists in documentation but has not yet made the mainstream kernel. Help should be given to get it there and it should be included.
ip6_conntrack (or whatever it's name is) should be given similar help and should be included.
Other than that, most of my wishes are ready being addressed. I do think these are very important for both desktop and server/firewall machines.
Thank you, Trever Adams -- "I conceive that a great part of the miseries of mankind are brought upon them by the false estimates they have made of the value of things." -- Benjamin Franklin
-- "When they took the fourth amendment, I was quiet because I didn't deal drugs. When they took the sixth amendment, I was quiet because I was innocent. When they took the second amendment, I was quiet because I didn't own a gun. Now they've taken the first amendment, and I can say nothing about it." -- Tim Freeman