On Fri, 2008-04-11 at 11:30 +0200, Antonio M wrote:
> the two are completely different.

Yes, they are. Which makes me wonder why you expect the configuration of one to suit the other. Sure, you might want similar rules (e.g. blocking port 80 for IPv4 and IPv6), but how they're applied requires instructions suited specifically for each one.

> I made a crazy try replacing ip6tables content with iptables content
> and I restarted ip6tables but I get:
> ip6tables failed. The error was: ip6tables: Unloading modules: [
> OK ]
> ip6tables: Applying firewall rules: ip6tables-restore v1.3.8:
> ip6tables-restore: unable to initialize table 'nat'
>
> Error occurred at line: 2
> Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more
> information.
> [FALLITO]
>
> why?? how iptables and ip6tables should match???

Rules perhaps, but the commands to set the rules, no.

[root@suspishus ~]# cd /etc/sysconfig/
[root@suspishus sysconfig]# diff ip6tables iptables
10,13c10,13
< -A RH-Firewall-1-INPUT -p ipv6-icmp -j ACCEPT
< -A RH-Firewall-1-INPUT -m ipv6header --header 50 -j ACCEPT
< -A RH-Firewall-1-INPUT -m ipv6header --header 51 -j ACCEPT
< -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT
---
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
23,24c23,24
< -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
< -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
---
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited

This shows the differences between the two configuration files. You can see that the IPv6 version uses different addressing schemes and some specific IPv6 commands. You seem to be comparing a backup file with a current file. And you haven't said what you've used to set your rules.
If you're hand writing your rules, you can simply wipe out the stored configuration and start again. If you're using a tool to configure them, you can probably do the same.

-- 
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
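
Added example, not part of the original message and not code from the iptables project: a shell check that flags the IPv4-only constructs visible in the diff above, plus the nat table from the quoted error, in a rules file before it is given to ip6tables-restore. The function names and the sample rules are constructed for illustration, and the pattern list is a heuristic drawn from this message rather than a complete one.

```shell
#!/bin/sh
# Added example: flag IPv4-only constructs in an iptables-save style rules
# file before it is given to ip6tables-restore. The patterns are taken from
# the diff and error in the message; the list is a heuristic, not complete.

lint_ip6tables_rules() {
    # Reads the named file(s), or stdin. Prints one line per finding and
    # returns 1 if anything was flagged, 0 if nothing IPv4-only was seen.
    awk '
    function flag(why) { printf "line %d: %s: %s\n", NR, why, $0; bad++ }
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    /^\*nat[ \t]*$/ { flag("nat table (ip6tables-restore v1.3.8 cannot initialize it)") }
    /-p[ \t]+icmp([ \t]|$)/ { flag("IPv4 ICMP protocol, IPv6 uses -p ipv6-icmp") }
    /--icmp-type/ { flag("IPv4 ICMP match, IPv6 uses --icmpv6-type") }
    /--reject-with[ \t]+icmp-/ { flag("IPv4 reject type, IPv6 uses icmp6-*") }
    /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { flag("IPv4 address literal") }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample: an IPv4 rules file of the kind that was copied over
# the ip6tables file. It is not the poster's actual configuration.
sample_ipv4_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Lint the constructed sample; every flagged line needs an IPv6 equivalent.
sample_ipv4_rules | lint_ip6tables_rules || true
```

To check a real file, pass its path instead of piping the sample: lint_ip6tables_rules /etc/sysconfig/ip6tables.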