Új hozzászólás Aktív témák

• Tarokk79 aktív tag

  #9714

  #9713 Tarokk79

  2021-10-26 00:28:35

  Új Válasz

  Új hozzászólás

  Összes hozzászólása itt Válaszok az összes hozzászólására itt Válaszok erre a hozzászólásra

  

  Tarokk79

  aktív tag

  #9713 Tarokk79

  #9713 Tarokk79

  Tűzfal témában kérném a segítségeteket. Debian 10 alatt nftables-t használom. A routeren most kapcsoltam be az ipv6-ot és a következő hibát kaptam:
  "
  Your router or firewall is filtering ICMPv6 messages sent to your computer. An IPv6 host that cannot receive ICMP messages may encounter problems like some web pages loading partially or not at all.
  "
  Azt a segítséget kaptam, hogy ezeket kellene engedélyeznem a tűzfalon.
  Az /etc/nftables.conf-ban a következő van benne:
  #!/usr/sbin/nft -f
flush ruleset
table inet filter {
        chain input {
                type filter hook input priority 0;                iif lo accept
                ct state established,related accept                ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit,  nd-router-advert, nd-neighbor-advert } accept
              counter drop
        }
}
  
  Mit kellene még hozzáraknom?

  Hát már szerintem mindent felvittem és még mindig ezt a hibaüznetet kapom.
  sudo nft list table inet filter
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
        iif "lo" accept
        ct state established,related accept
        ip6 nexthdr ipv6-icmp icmpv6 type destination-unreachable accept comment "accept ICMPv6 dest unreachable"
        ip6 nexthdr ipv6-icmp icmpv6 type packet-too-big accept comment "accept ICMPv6 packet too big"
        ip6 nexthdr ipv6-icmp icmpv6 type time-exceeded icmpv6 code { 0, 1 } accept comment "accept ICMPv6 time exceeded"
        ip6 nexthdr ipv6-icmp icmpv6 type parameter-problem icmpv6 code { 0, 1, 2 } accept comment "accept ICMPv6 parameter problem"
        ip6 nexthdr ipv6-icmp icmpv6 type echo-request accept comment "accept ICMPv6 echo request"
        ip6 nexthdr ipv6-icmp icmpv6 type echo-reply accept comment "accept ICMPv6 echo reply"
        ip6 nexthdr ipv6-icmp icmpv6 type nd-router-solicit accept comment "accept ICMPv6 router solicitation"
        ip6 nexthdr ipv6-icmp icmpv6 type nd-router-advert accept comment "accept ICMPv6 router advertisement"
        ip6 nexthdr ipv6-icmp icmpv6 type nd-neighbor-solicit accept comment "accept ICMPv6 neighbor solicitation"
        ip6 nexthdr ipv6-icmp icmpv6 type nd-neighbor-advert accept comment "accept ICMPv6 neighbor advertisement"
        ip6 nexthdr ipv6-icmp icmpv6 type ind-neighbor-solicit accept comment "Inverse Neighbor Discovery Solicitation"
        ip6 nexthdr ipv6-icmp icmpv6 type ind-neighbor-advert accept comment "Inverse Neighbor Discovery Advertisement"
        ip6 nexthdr ipv6-icmp icmpv6 type mld-listener-query accept
        ip6 nexthdr ipv6-icmp icmpv6 type mld-listener-report accept
        ip6 nexthdr ipv6-icmp icmpv6 type mld-listener-done accept
        ip6 nexthdr ipv6-icmp icmpv6 type mld2-listener-report accept
        ip6 nexthdr ipv6-icmp icmpv6 type 148 accept
        ip6 nexthdr ipv6-icmp icmpv6 type 149 accept
        ip6 nexthdr ipv6-icmp icmpv6 type 151 accept
        ip6 nexthdr ipv6-icmp icmpv6 type 152 accept
        ip6 nexthdr ipv6-icmp icmpv6 type 153 accept
        counter packets 100 bytes 17935 drop
    }
}

Új hozzászólás Aktív témák