Fonsdé ^^ oui :s
çà désactive la configuration IPv6 (automatique ?) c çà !? !oL[quote=“PengouinPdt, post:17, topic:72332”]
Si c’est ‘0’, c’est bon … 
[/quote]
C bon Merci @PengouinPdt
Histoire de participer 
Ma config ifconfig
vmbr0 Link encap:Ethernet HWaddr d4:ae:52:c7:93:f2
inet addr:62.210.205.199 Bcast:62.210.205.255 Mask:255.255.255.0
inet6 addr: fe80::d6ae:52ff:fec7:93f2/64 Scope:Link
inet6 addr: 2001:bc8:25bb:ff00::/56 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:282304329 errors:0 dropped:1478 overruns:0 frame:0
TX packets:171190348 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:91409688959 (85.1 GiB) TX bytes:100037651689 (93.1 GiB)
vmbr1 Link encap:Ethernet HWaddr fe:4e:be:49:dc:d5
inet addr:10.59.199.254 Bcast:10.59.199.255 Mask:255.255.255.0
inet6 addr: 2001:bc8:25bb:ff00:3b:1ab3::/128 Scope:Global
inet6 addr: 2001:bc8:25bb:ff00:3b:1ab3:111:254/64 Scope:Global
inet6 addr: 2001:bc8:25bb:ff00:3b::/64 Scope:Global
inet6 addr: fe80::d87a:a0ff:fe33:f6f9/64 Scope:Link
inet6 addr: 2001:bc8:25bb:ff00:3b:1ab3:111:0/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:158799890 errors:0 dropped:0 overruns:0 frame:0
TX packets:156442692 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:96707590102 (90.0 GiB) TX bytes:79326163299 (73.8 GiB)
Ma chaine ip6tables -L INPUT_ICMPV6 -n -v
Chain INPUT_ICMPV6 (0 references) pkts bytes target prot opt in out source destination
0 0 DROP icmpv6 * * ::/0 ::/0 ctstate INVALID
0 0 ACCEPT icmpv6 * * ::/0 ::/0 limit: avg 10/min burst 4
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED,UNTRACKED
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 ctstate NEW
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 code 0 ctstate NEW
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 code 0 ctstate NEW
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 code 1 ctstate NEW
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 code 0 ctstate NEW
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 code 1 ctstate NEW
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 code 2 ctstate NEW
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 100
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 101
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 127
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128 code 0 ctstate NEW
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129 code 0 ctstate NEW
0 0 ACCEPT icmpv6 * * fe80::/64 ::/0 ipv6-icmptype 130 code 0 ctstate NEW HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/64 ::/0 ipv6-icmptype 131 code 0 ctstate NEW HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/64 ::/0 ipv6-icmptype 132 code 0 ctstate NEW HL match HL == 1
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * fe80::/64 ::/0 ipv6-icmptype 134 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00::/64 ::/0 ipv6-icmptype 133 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00::/64 ::/0 ipv6-icmptype 135 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00::/64 ::/0 ipv6-icmptype 136 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00::/64 ::/0 ipv6-icmptype 133 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00::/64 ::/0 ipv6-icmptype 135 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00::/64 ::/0 ipv6-icmptype 136 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00::/64 ::/0 ipv6-icmptype 133 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00::/64 ::/0 ipv6-icmptype 135 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00::/64 ::/0 ipv6-icmptype 136 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:10 ::/0 ipv6-icmptype 133 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:10 ::/0 ipv6-icmptype 135 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:10 ::/0 ipv6-icmptype 136 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:11 ::/0 ipv6-icmptype 133 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:11 ::/0 ipv6-icmptype 135 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:11 ::/0 ipv6-icmptype 136 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:101 ::/0 ipv6-icmptype 133 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:101 ::/0 ipv6-icmptype 135 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:101 ::/0 ipv6-icmptype 136 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:201 ::/0 ipv6-icmptype 133 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:201 ::/0 ipv6-icmptype 135 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:201 ::/0 ipv6-icmptype 136 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:251 ::/0 ipv6-icmptype 133 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:251 ::/0 ipv6-icmptype 135 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * 2001:bc8:25bb:ff00:3b:1ab3:0:251 ::/0 ipv6-icmptype 136 code 0 HL match HL == 255
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 137 code 0
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 138 code 0
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 139 code 0
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 140 code 0
0 0 ACCEPT icmpv6 * * ::/0 ff02::1 ipv6-icmptype 141 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 142 code 0 HL match HL == 255
0 0 ACCEPT icmpv6 * * fe80::/64 ::/0 ipv6-icmptype 143 ctstate NEW HL match HL == 1
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 144 code 0
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 145 code 0
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 146 code 0
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 147
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 148 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 149 HL match HL == 255
0 0 ACCEPT icmpv6 * * fe80::/64 ::/0 ipv6-icmptype 151 ctstate NEW HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/64 ::/0 ipv6-icmptype 152 ctstate NEW HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/64 ::/0 ipv6-icmptype 153 ctstate NEW HL match HL == 1
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 200
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 201
0 0 DROP icmpv6 * * ::/0 ::/0 ipv6-icmptype 255
0 0 REJECT icmpv6 * * ::/0 ::/0 reject-with icmp6-no-route
çà a du mal à ping ponguer 
Après j’arrive à pinguer (sans firewall ^^) des vserveurs style : ping6 2001:bc8:25bb:ff00:3b:1ab3:0:10 ce sont les voisins (neighbour) c’est çà ?
//---------------
Sinon sur ton blog @PengouinPdt dans la phrase
tu veut dire celle-ci : fe80::d6ae:52ff:fec7:93f2/64 dans ma configuration ?
OUi, c’est dû au limit
Mhum non… je viens de mettre 100000/seconde…
Sinon OKay c’est ce que tu fais sur cette ligne : ip6tables -A INPUT_ICMPV6 -s fe80::/64 -p icmpv6 --icmpv6-type 134/0 -m hl --hl-eq 255 -j ACCEPT Merci.
çà m’fatigue ^^ haha
Sur mon serveur, j’utilise cette forme basique (sans UNTRACKED).
Peux-tu me donner un exemple pour que je contrôle ce avec quoi (qui) je suis censé ne pas pouvoir communiquer ?
Merci.
Sinon avec une config comme suit :
IPS="LES_IPS_DE LA MACHINE"
for ips in $IPS
do
## Permettre àne connexion ouverte de recevoir du trafic en entré
$IPTABLE -A INPUT -d $ips -m state --state ESTABLISHED,RELATED,UNTRACKED -j ACCEPT
$IPTABLE -A INPUT -d $ips -j REJECT --reject-with icmp6-adm-prohibited
$IPTABLE -A OUTPUT -s $ips -j ACCEPT
done
# $IPTABLE -A INPUT -p ipv6-icmp -j ACCEPT
$IPTABLE -A INPUT -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT #
$IPTABLE -A INPUT -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT #
$IPTABLE -A INPUT -p icmpv6 --icmpv6-type neighbour-advertisement -j ACCEPT #
$IPTABLE -A INPUT -p icmpv6 --icmpv6-type neighbour-solicitation -j ACCEPT #
$IPTABLE -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
$IPTABLE -A INPUT -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
En bien çà ping pong entre les vserveurs mais çà ne répond pas de l’exterieur (sur le dédié online).
Ping de l’exterieur :
16:48:11 root@pow:~ $ ping6 zw3b.fr -c1
PING zw3b.fr(2001:bc8:25bb:ff00:3b::) 56 data bytes
From 2001:bc8:25bb:ff00:3b:: icmp_seq=1 Destination unreachable: Administratively prohibited
--- zw3b.fr ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
Je vois que l’erreur Destination unreachable: Administratively prohibited signifie : CF : TCPGuide
Le datagramme n’a pas pu être transmis en raison du filtrage qui bloque le message en fonction de son contenu. Equivalent au sous-type de message avec le même nom (et valeur de code 13) dans ICMPv4.
16:48:15 root@pow:~ $ ping6 www.zw3b.fr -c1
PING www.zw3b.fr(2001:bc8:25bb:ff00:3b:1ab3:111:10) 56 data bytes
--- www.zw3b.fr ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
Et là dans (jusqu’à) un vserser çà ne traversse répond même pas. C bon çà
Euhhh, oui ???
C’est quoi la relation avec le “popcorn” ? pardon, iptables ?!
ou le sujet ?
En plus, nous balancer des outils Google … 
En tout comme tu le dis si bien @PengouinPdt IP6tables rejette tout mon trafic
Bon boulot…
Cordialement,
O.Romain Jaillet-Ramey aKa LAB3W.ORJ