2010-07-15 22:26:42 +02:00
|
|
|
1) In all versions of Shorewall6 lite, the 'shorecap' program is
|
|
|
|
|
using the 'iptables' program rather than the 'ip6tables' program.
|
|
|
|
|
This causes many capabilities that are not available in IPv6 to
|
|
|
|
|
be incorrectly reported as available.
|
|
|
|
|
|
|
|
|
|
This results in errors such as:
|
|
|
|
|
|
|
|
|
|
ip6tables-restore v1.4.2: Couldn't load match `addrtype':
|
|
|
|
|
/lib/xtables/libip6t_addrtype.so: cannot open shared
|
|
|
|
|
object file: No such file or directory
|
|
|
|
|
|
|
|
|
|
To work around this problem, on the administrative system:
|
|
|
|
|
|
|
|
|
|
a) Remove the incorrect capabilties file.
|
|
|
|
|
b) In shorewall6.conf, set the IP6TABLES option to the
|
|
|
|
|
path name of ip6tables on the firewall (example:
|
|
|
|
|
IP6TABLES=/sbin/ip6tables).
|
|
|
|
|
c) 'shorewall6 load <firewall>'.
|
2010-07-16 18:31:37 +02:00
|
|
|
|
|
|
|
|
2) In a number of cases, Shorewall6 generates incorrect rules
|
|
|
|
|
involving the IPv6 multicast network. The rules specify
|
2010-07-16 19:16:57 +02:00
|
|
|
ff00::/10 where they should specify ff00::/8. Also, rules
|
|
|
|
|
instantiated when the IPv6 firewall is stopped use ff80::/10 rather
|
2010-07-21 17:49:09 +02:00
|
|
|
than fe80::/10 (IPv6 link local network).
|
2010-07-16 18:31:37 +02:00
|
|
|
|
|
|
|
|
|
