Bug 105561

Summary: SuSE firewall complains about missing state matching support for IP6
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Jiri Dluhos <jdluhos>
Component: KernelAssignee: Ludwig Nussel <lnussel>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Minor    
Priority: P5 - None CC: jbohac
Version: Beta 2   
Target Milestone: ---   
Hardware: x86   
OS: All   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Jiri Dluhos 2005-08-18 14:54:58 UTC 
When booting, this message is printed to the console:

SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6
support disabled.

I don't know if the extended support for IPv6 is really useful, but if it is
not, probably the warning should be silenced as it can frighten users :-)
Comment 1 Olaf Kirch 2005-08-18 15:14:49 UTC 
Ludwig, any idea why it still complains? We haven't had state matching 
support for ages. 
 
Or does it really complain about the reject target? That isn't in the 
current kernel; I still need to port it.
Comment 2 Ludwig Nussel 2005-08-18 15:52:56 UTC 
sles9 did have state matching. Without state matching v6 support is very 
limited so this is a regression, therefore I'll let SuSEfirewall2 complain so 
this won't be forgotten. The REJECT target is needed in any case.
Comment 3 Ludwig Nussel 2005-08-19 14:53:38 UTC 
oh, assigned to me. Reassigning to Olaf to at least port the reject target.
Comment 4 Olaf Kirch 2005-08-22 16:26:10 UTC 
Added ip6t_REJECT to kernel source CVS. If I'm lucky, this change will 
make beta3. If not, please test tomorrow's KOTD
Comment 5 Jiri Dluhos 2005-08-25 08:54:30 UTC 
I'm sorry but I still keep getting this message on SL10 beta3 64-bit...
Comment 6 Olaf Kirch 2005-08-25 09:07:56 UTC 
Yes, see comment #2 where Ludwig explicitly states that he will not 
disable the warning as long as the kernel is lacking ipv6 state matching. 
This support isn't there, and won't be there for some time to come... 
 
Anyway, this is Ludwig's message so assigning back to him
Comment 7 Ludwig Nussel 2005-08-25 10:11:43 UTC 
will not remove the message