OpenSUSE Linux, including SuSEfirewall2, not has full support for IPv6 only.

genixinfo · May 31, 2012, 11:38pm

I thought I had more of this post, I have my doubts:

Posted on May 23, 2012.

IPv6 support Yast Firewall

With use of IPv6 increasing, would it be possible to get support for IPv6 added to Yast Firewall? Also, I use a 6in4 tunnel to obtain IPv6 and the 6in4 tunnel (tun-00) doesn’t appear in Yast. As that is how many currently obtain IPv6, support for that is important.

Font and more information: [opensuse-factory] IPv6 support Yast Firewall](http://lists.opensuse.org/opensuse-factory/2012-05/msg00503.html)

As yet responded to the post, my doubts still persist, someone can answer this post, and thus end my doubts.

This bug has also been reviewed here: openSUSE News

Thankfully, here, the post was answered, but the previous question, still unanswered:

Posted on May 24, 2012.

Nmap v6

Any idea on when nmap 6 will be available on openSUSE?
New Nmap probes IPv6 networks - Page 1 - Voice, Data, and IP

Font and more information: [opensuse-factory] Nmap v6](http://lists.opensuse.org/opensuse-factory/2012-05/msg00550.html)

For one of the largest and oldest Linux distributions in the world, in the DistroWatch ranking and its 5 years of openSUSE Linux, and SUSE Linux with its 20 years made a few weeks, which has a green chameleon as a trademark, and the subject: full support for native IPv6, it was to have been implemented long ago.

hcvv · June 1, 2012, 12:43pm

Why is this posted in the Dutch part of the Forums?

This will be moved.

hcvv · June 1, 2012, 1:45pm

Now moved to the Englsih language part.

genixinfo · June 1, 2012, 5:32pm

hcvv,

Thanks, I had not noticed.

Do you or someone can clarify my doubts?

hcvv · June 1, 2012, 5:48pm

I do not use SuSEFirewall2 and I do not use IPv6 tunneling.

ghostintheruins · June 1, 2012, 6:23pm

I did not understand quite well what / which are your doubts but I will try to answer what I understood.

SuSEfirewall2 and IPV6.
Indeed the support for IPV6 is quite limited. See SuSEfirewall2 - openSUSE for the list of working and non-working items.

I have no idea when and what it will be supported in the future in respect to IPV6 but I think it is in developers focus.

On the other had - regarding your request / question about Yast support for it - Yast doesn’t even have full support (in terms of the configurations options) for IPV4.

From the same page:

Please note, the current YaST_Firewall does not show nor let you configure all settings of the firewall. This includes at least reject configuration (at least one activated by default).

Since it is actually a script and one quite well documented, it’s advisable to configure it manually.

For example I do not remember if YaST_Firewall gives an option on how to configure manual routing or not and other features.

Nmap v. 6.0.
Did you try software.opensuse.org: Search ?

Click on “show other versions” / “show unstable packages” - at least one repository (one general and other personal ones) has nmap v. 6.0

See here: https://build.opensuse.org/package/show?project=network%3Autilities&package=nmap

Just add network:utilities repository or use 1-click install

Cheers.

genixinfo · June 1, 2012, 6:58pm

Thanks for the replies, but I refer to only support the use of pure IPv6 without IPv4, here it comes that the openSUSE Linux already supports IPv6 for a long time.

Fedora Linux also supports a long time:

2.8.8. IPv6

OpenSUSE Linux was also to support, but with fully supported.

ghostintheruins · June 2, 2012, 8:14am

I’ve read what you wrote there and my feeling is the same - it’s either a language barrier or you just post things without actually reading the answers or trying to understand them…

What do you mean by “pure IPv6 without IPv4”? You want that the distro / linux kernel just drops the support for IPV4 and use IPV6 only? Hmmm, that would break the internet I guess.

Did you even try a google search for “opensuse IPV6” - you will notice that it supported for quite long time also. SDB:Native IPv6 - openSUSE

There or try another search on software.opensuse.org/search you will notice that DHCPV6 is available.

You paste a link about fedora having implementing IPV6 in iptables - did you try “man ip(6)tables” in your opensuse ? Looking in the rpm for 12.1 I think that is also supported.

Like I previously said - SuSEfirewall2** is not a firewall itself **but a script that makes it easier to setup the iptables firewall rules… Just do not use it and set the firewall rules manually as you see fit.

So basically, what are you exactly looking for without actually looking?

Cheers.

genixinfo · June 2, 2012, 7:16pm

I understand, but now, please resolve this bug: [opensuse-factory] IPv6 support Yast Firewall](http://lists.opensuse.org/opensuse-factory/2012-05/msg00503.html)

But here you said that the support is limited:

SuSEfirewall2 and IPV6.
Indeed the support for IPV6 is quite limited. See SuSEfirewall2 - openSUSE for the list of working and non-working items.

I have no idea when and what it will be supported in the future in respect to IPV6 but I think it is in developers focus.

But you say, that future support will be improved.

Do you have any prediction for this?

ghostintheruins · June 4, 2012, 11:46am

I am sorry, I do not use IPV6 nor did I read to much about it, so I can not help you with that. Hopefully some one else will.

You really do not seem to understand - differentiate between:

the actual firewall
which is IPTABLES and which I think it’s fully supported - read the manpages available on your system (man ip6tables)

and

the script
that generates rules for the firewall - SuSEfirewall2 <– this one is not fully supported yet.

To see the rules of your firewall you use:

 iptables -L

(in your case ip6tables -L )

As about my prediction - it’s more a wish (I use it too, though not too much from yast) since I am not a developer but based on the history of this script since the start-up of SuSE Linux, I believe it will be developed further to include more IPV6 support, meanging to be able to generate rules for ip6tables.

If you want to configure your IPTABLES firewall with a builder that has full support for IPV6 I would suggest you try firewallbuilder. It’s available for openSUSE in the repos and the developers say that:

http://blog.fwbuilder.org/2011/02/are-your-firewalls-ready-for-ipv6.htm
So, why am I posting about IPv6 you ask? One of the features of Firewall Builder is that it has built-in support for creating IPv6 objects and using those objects in your rules. This helps reduce the pain of deploying and supporting IPv6 firewalls. As noted IPv6 network architect pointed out to me, using a tool like Firewall Builder where objects are used in rules instead of straight IP addresses becomes even more critical with IPv6. How many times do you have to type 2001:0db8:85a3:::8a2e:0370:7334 before you make a typo??

Right now Firewall Builder supports IPv6 rules generation for Linux ip6tables, BSD pf, Cisco router access lists and ipfw, however I expect that as we see more of our users adopting IPv6 that we will add support for other platforms like Cisco ASA and PIX firewalls in the future.

Cheers and good luck.

genixinfo · June 15, 2012, 5:45pm

Thanks for the answers.

It seems that the subject is already being addressed here:

[opensuse-factory] IPv6 non-functional on Factory default install](http://lists.opensuse.org/opensuse-factory/2012-06/msg00633.html)

robin_listas · June 15, 2012, 11:23pm

On 2012-06-15 17:46, genixinfo wrote:

> It seems that the subject is already being addressed here:
>
> ‘[opensuse-factory] IPv6 non-functional on Factory default install’
> (http://lists.opensuse.org/opensuse-factory/2012-06/msg00633.html)

That’s a specific problem affecting only factory, and you are not using
factory. You are not, or you would have posted in the beta forum, so no,
you are not using factory >:-)

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)