ip6tables extensions
Description
netfilter (iptables/ip6tables)
is a set of kernel hooks, extensions, and user-level tools for
packet filtering in Linux. It is useful for building Linux-based
firewalls, among many other purposes.
Here we provide some additional ip6tables modules which should
be useful in fine-grained handling of IPv6 extension headers and
new IPsec options.
Documentation
ip6tables extensions manual entry
Download
- Stable version: ipv6headerorder-0.tar.gz (initial release, 8 Oct 2009). Provided in source code (tar.gz) format.
Includes the following:
- ipv6headerorder - matches packets based on the ordering of
the IPv6 extension headers they contain.
- Alpha version: ipv6headerorder-1a.tar.gz (second release, 18 Feb 2010). Provided in source code (tar.gz) format.
Includes the following:
- ipv6headerx - an extension of the existing
ipv6header module, adding support for Wrapped ESP (WESP)
headers and deep inspection of ESP-NULL packets, when the latter
are so indicated by the WESP header.
- ipv6headerorderx - a similar extension of the previous
ipv6headerorder. Note: ipv6headerorder and
ipv6headerorderx will be merged in the final version.
To return to the ANTD IPv6 software distribution main page:
https://www-x.antd.nist.gov/ipv6/
Point Of Contact:
webmaster@antd.nist.gov
Last update: Thu Feb 18 2010.