Description of problem: ipv6 conntrack modulel state RELATED,ESTABLISHED doesn't work. Version-Release number of selected component (if applicable): How reproducible: Very reproducable Steps to Reproduce: 1. Setup ip6tables with # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-port-unreachable COMMIT And perform /etc/rc.d/init.d/ip6tables restart 2. Try browsing an ipv6 only web page such as http://d6.6dns.org/info/ipv6 3. After the web page doesn't load execute iptables -L -v -n |less Actual results: A web page that doesn't load, and A number of rejects with reject-with icmp6-port-unreachable, and 0 packets accepted with state RELATED,ESTABLISHED Expected results: A loaded web page, A number of packets accepted with state RELATED,ESTABLASHED, 0 or very few packets rejected with reject-with icmp6-port-unreachable Additional info:
Kernel version is kernel-2.6.18-1.2868.fc6
That's a dublicate of 214117 (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=222446)
*** This bug has been marked as a duplicate of 214117 ***