105561 – SuSE firewall complains about missing state matching support for IP6

Bug 105561 - SuSE firewall complains about missing state matching support for IP6

Summary: SuSE firewall complains about missing state matching support for IP6

Status:	RESOLVED FIXED

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	Kernel (show other bugs)
Version:	Beta 2
Hardware:	x86 All

Priority:	P5 - None Severity: Minor
Target Milestone:	---
Assignee:	Ludwig Nussel
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-08-18 14:54 UTC by Jiri Dluhos
Modified:	2005-08-25 10:11 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jiri Dluhos 2005-08-18 14:54:58 UTC

When booting, this message is printed to the console:

SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6
support disabled.

I don't know if the extended support for IPv6 is really useful, but if it is
not, probably the warning should be silenced as it can frighten users :-)

Comment 1 Olaf Kirch 2005-08-18 15:14:49 UTC

Ludwig, any idea why it still complains? We haven't had state matching 
support for ages. 
 
Or does it really complain about the reject target? That isn't in the 
current kernel; I still need to port it.

Comment 2 Ludwig Nussel 2005-08-18 15:52:56 UTC

sles9 did have state matching. Without state matching v6 support is very 
limited so this is a regression, therefore I'll let SuSEfirewall2 complain so 
this won't be forgotten. The REJECT target is needed in any case.

Comment 3 Ludwig Nussel 2005-08-19 14:53:38 UTC

oh, assigned to me. Reassigning to Olaf to at least port the reject target.

Comment 4 Olaf Kirch 2005-08-22 16:26:10 UTC

Added ip6t_REJECT to kernel source CVS. If I'm lucky, this change will 
make beta3. If not, please test tomorrow's KOTD

Comment 5 Jiri Dluhos 2005-08-25 08:54:30 UTC

I'm sorry but I still keep getting this message on SL10 beta3 64-bit...

Comment 6 Olaf Kirch 2005-08-25 09:07:56 UTC

Yes, see comment #2 where Ludwig explicitly states that he will not 
disable the warning as long as the kernel is lacking ipv6 state matching. 
This support isn't there, and won't be there for some time to come... 
 
Anyway, this is Ludwig's message so assigning back to him

Comment 7 Ludwig Nussel 2005-08-25 10:11:43 UTC

will not remove the message