IPv6 Support in CSF

pierce · Post by **pierce** » 24 Apr 2010, 18:20

When can we expect IPv6 support in CSF?
All our servers are already IPv6 enabled and running CSF. Because CSF is not IPv6 aware we have created our own ip6tables script. But it's definitely not an ideal situation....

I know there are a lot of other CSF users that are looking forward to IPv6 support in CSF.

Post by **ForumAdmin** » 25 Apr 2010, 17:45

We are working on it. There are issues with ip6tables, especially with kernels < v2.6.20 (such as the current CentOS v5 kernel) which do not support SPI (connection tracking). There's also care needed with the new icmpv6 filtering that needs to be taken care of.

We should hopefully have an experimental ipv6 option available in the near future.

pierce · Post by **pierce** » 25 Apr 2010, 18:55

Good to hear you are working on it!
I would be happy to apply as beta tester

Post by **chirpy** » 05 May 2010, 16:11

This has now been added to v5.04 of csf.

It wasn't as easy or simple as just search and replace iptables for ip6tables

The new system allows for the configuration of a fallback static IPv6 firewall for kernels older than 2.6.20 as they do not support stateful connection tracking. Newer kernels will configure a proper SPI firewall, but we've only been able to do limited SPI testing on that configuration with the resources available.

SoftDux · Post by **SoftDux** » 01 Jun 2010, 09:32

thanx for the update Chirpy. Does this work with the current version(s) of CentOS, i.e. 5.4 & 5.5. yet?

Post by **chirpy** » 14 Jun 2010, 14:50

The version of CentOS has no bearing. It's dependent on the kernel version you are running and whether ip6tables is installed (kernel version requirements are mentioned in the documentation).