problem allow ipv6
Posted: 13 Jul 2015, 16:43
Hi, i run centos7.1 with csf firewall + directadmin and try unblock one ipv6 address and not success
first i enable Requires ip6tables and then i did it:
$ csf -a 2001:0503:ff39:1000:0000:0000:0000:0074 test
Adding 2001:0503:ff39:1000:0000:0000:0000:0074 to csf.allow and iptables ACCEPT...
ACCEPT all opt in !lo out * 2001:503:ff39:1000::74 -> ::/0
ACCEPT all opt in * out !lo ::/0 -> 2001:503:ff39:1000::74
and reset the firewall
then look in csf.allow and saw it ipv6 address added but the firewall stil blocking the address
my log:
da kernel: Firewall: *TCP6OUT Blocked* IN= OUT=eth0 SRC=2001:41d0:0008:6099:0000:0000:0000:0000 DST=2001:0503:e8ef:1000:0000:0000:0000:0074 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=59389 DPT=43 WINDOW=28800 RES=0x00 SYN URGP=0 UID=1002 GID=1004
==================================================================
if i disable the firewall then the address working good
what i am doing wrong?
first i enable Requires ip6tables and then i did it:
$ csf -a 2001:0503:ff39:1000:0000:0000:0000:0074 test
Adding 2001:0503:ff39:1000:0000:0000:0000:0074 to csf.allow and iptables ACCEPT...
ACCEPT all opt in !lo out * 2001:503:ff39:1000::74 -> ::/0
ACCEPT all opt in * out !lo ::/0 -> 2001:503:ff39:1000::74
and reset the firewall
then look in csf.allow and saw it ipv6 address added but the firewall stil blocking the address
my log:
da kernel: Firewall: *TCP6OUT Blocked* IN= OUT=eth0 SRC=2001:41d0:0008:6099:0000:0000:0000:0000 DST=2001:0503:e8ef:1000:0000:0000:0000:0074 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=59389 DPT=43 WINDOW=28800 RES=0x00 SYN URGP=0 UID=1002 GID=1004
==================================================================
if i disable the firewall then the address working good
what i am doing wrong?