Hi,
During 0.21 testing session, I noticed that we accept IPv6
RELATED,ESTABLISHED connections while we drop everything else. Is there
any good reason to do that?
# ip6tables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0 state RELATED,ESTABLISHED
0 0 LOG all * * ::/0 ::/0 LOG flags 8 level 7 prefix `Dropped outbound packet: '
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable
Cheers
