# Question about OpenVZ UFW and IPv6



## tchen (Mar 1, 2014)

I've been running Ubuntu 12.04 LTS fleet with UFW's IPv6=no like any sane person who didn't like poking themselves in the eye with a rusty spoon tend to do.  But I'm a glutton for punishment.  Does anyone have it working under IPv6?  If not, any other good alternatives short of resorting to raw ip6tables?

Thanks

edit: ack, wrong sub-forum.  Mods feel free to move to Q&A.


----------



## DomainBop (Mar 1, 2014)

Sanewall.  It's an IPv6 compatible fork of Firehol


----------



## WelltodoInformalCattle (Mar 2, 2014)

I'd be interested in finding this out as well. It was a struggle trying to get UFW+IPv6 to cooperate.


----------



## tchen (Mar 2, 2014)

I figured I'd try ufw a bit more before dumping it.  I finally got it running on INIZ's ovz nodes by hacking out portions of before6.rules.

Specifically, 

1) remove the rt module based lines under the heading "drop packets with RH0 headers"

2) removed the line "-A ufw6-before-input -m state --state INVALID -j DROP" in order to get ping results back.  I'm kinda worried/perplexed about this one.

3) removed all the dhcp / multicast cruft from the bottom.

I don't have a dev machine elsewhere so I'm not 100% sure this works everywhere.


----------

