Description of problem: State module missing for ip6tables Version-Release number of selected component (if applicable): iptables-ipv6-1.2.8-12.3 How reproducible: Always Steps to Reproduce: 1. Configure ipv6 # cat >> /etc/sysconfig/network NETWORKING_IPV6=yes IPV6FORWARDING=yes IPV6_AUTOTUNNEL=no # service network restart 2. Configure ip6tables # ip6tables -A INPUT -s ::/0 -d ::/0 -p tcp -m tcp --dport 22 -j ACCEPT 3. Use ip6tables state module # ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT Actual Results: ip6tables v1.2.8: Couldn't load match `state':/lib/iptables/libip6t_state.so: cannot open shared object file: No such file or directory Try `ip6tables -h' or 'ip6tables --help' for more information. Expected Results: No error message Additional info: This is working on iptables (ipv4) but not on ip6tables contrary to Redhat's documentation: chapter "Firewalls", "IP6Tables".
There is no state module for ipv6 in the kernel.
Therefore, this is a documentation error. The functionality simply doesn't exist, neither in kernel nor in the iptables utilities. Can someone reassign to the proper component for the referenced documentation?
Hello, Eric. I'm reassigning this bug to the "rhel-sag" component under the assumption (er, make that, guess) that you're referring to the Red Hat Administrator's Guide. Could you please confirm the exact title of the documentation containing the chapter and section you've listed above? Thanks in advance. -ernie
Hi Ernie, Here is the URL of the documentation I was refering to: http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/security-guide/s1-firewall-ip6t.html That said, I was able to find the same statements in a number of other documents: http://www.europe.redhat.com/documentation/rhl9/rhl-sg-en-9/s1-firewall-ip6t.php3 http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-firewall-ip6t.html http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-firewall-ip6t.html Also in RHEL4, which I have not tested. So maybe it is now implemented! http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-firewall-ip6t.html __ Eric
A patch for this feature can be found at: http://lists.netfilter.org/pipermail/netfilter-devel/2003-September/012575.html This patch is currently shipping in Suse 9.x
Actually see my last message this is not strictly documentation any more, as there is a patch. Why not applying the patch instead of fixing the documentation?
Ping, this was apparently fixed in iptables-ipv6-1.3.5-1.2, can you close this bug? Thanks, __ Eric
No longer Doc-related. Set QA to Thomas as I think he owns ip6tables as well... Please reassign if necessary. Documentation keyword removed
I can confirm that the state module is in iptables-ipv6-1.3.5-1.2.1 (FC6). However, it's not documented in 'man ip6tables', so if I hadn't read to the very end of this bug I wouldn't know that. The man page needs to be updated before this can be closed.
Reassigning since the content services group currently doesn't handle man pages.
Removing automation notification