[ntp:questions] IPv6 and ip6tables
oneingray at gmail.com
Mon Mar 11 21:13:28 UTC 2013
>>>>> Xavier Robin <geckolimo at gmail.com> writes:
[Cross-posting to news:comp.os.linux.networking.]
> Has anyone some experience serving NTP over IPv6 through an ip6tables
> firewall here?
> Despite the fact that I opened port 123 (both UDP and TCP), as soon
> as I set the INPUT policy to DROP, NTP becomes unreachable. Is it
> using a different port on ipv6 or something like this? The server is
> fully reachable when the INPUT policy is ACCEPT. It is also
> reachable over ipv4 with the same iptables rule (and DROP policy).
I've never seen an issue with such a setup. The only difference
is that my firewall also has a -j ACCEPT rule for --dport 123 in
the FORWARD chain. I don't know if it's related, though.
> xavier at arthur:~$ sudo ip6tables -L
> [sudo] password for xavier:
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT all anywhere anywhere
Is there really such an all-permitting rule?
> ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
> ACCEPT tcp anywhere anywhere tcp dpt:(some ports...)
> ACCEPT udp anywhere anywhere udp dpt:ntp
> ACCEPT tcp anywhere anywhere tcp dpt:ntp
FSF associate member #7257