diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp
index f1aa96b..820c7e4 100644
--- a/firewall/manifests/init.pp
+++ b/firewall/manifests/init.pp
@@ -76,6 +76,8 @@ class firewall::common::iptables {
 ensure => installed,
 }
+ $ip6states = versioncmp($kernelversion, "2.6.20")
+
 file { "/etc/sysconfig/iptables":
 ensure => present,
 mode => 0600,
diff --git a/firewall/templates/ip6tables.erb b/firewall/templates/ip6tables.erb
index 1a664ed..0e30dfb 100644
--- a/firewall/templates/ip6tables.erb
+++ b/firewall/templates/ip6tables.erb
@@ -6,7 +6,12 @@
 -A INPUT -i lo -j ACCEPT
 -A INPUT -m ipv6header --header ah -j ACCEPT
 -A INPUT -m ipv6header --header esp -j ACCEPT
+<% if ip6states >= 0 -%>
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+<% else -%>
+-A INPUT -m tcp -p tcp ! --syn -j ACCEPT
+-A INPUT -m udp -p udp --dport 32768:61000 -j ACCEPT
+<% end -%>
 -A INPUT -p ipv6-icmp -j ACCEPT
 <% firewall_rules.each do |rule|
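Review bot: `$ip6states = versioncmp($kernelversion, "2.6.20")` decides which ip6tables branch is rendered from the kernel version alone, but the `-m state` rule that branch enables requires IPv6 connection tracking (nf_conntrack_ipv6) to be built in or loadable, so a newer kernel without it will have its ruleset rejected at ip6tables-restore time, and nothing explains what the 2.6.20 threshold means. Add a comment above the assignment, e.g. `# IPv6 connection tracking appeared in kernel 2.6.20; older kernels get the stateless fallback in ip6tables.erb`. Two things to confirm as well: `$kernelversion` is an unqualified fact lookup that relies on dynamic scope (`$::kernelversion` is the safer form where the Puppet version supports it), and whether versioncmp's integer reaches the template intact, since if it arrives as a string the `ip6states >= 0` comparison in Ruby raises instead of choosing a branch. The stateless fallback in the ip6tables.erb hunk accepts every inbound non-SYN TCP segment and all UDP to 32768:61000 without any state check, which is far more permissive than the stateful rule, so the comment should say that a low kernel version trades that protection away.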