From YaST POV there are two possibilities:
(1) do not touch
(2) enable 546/udp,tcp explicitly when dhcpv6 is enabled in services. I
https://bugzilla.novell.com/show_bug.cgi?id=822959
https://bugzilla.novell.com/show_bug.cgi?id=822959#c4
Michal Filka changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEEDINFO
InfoProvider| |security-team@suse.de
--- Comment #4 from Michal Filka 2013-08-29 09:31:26 UTC ---
Yes config seems good.
There is already running discussion in bnc#783002. If I understand it well,
netfilter is unable to track DHCPv6 related packets. Opening firewall
unconditionally is considered insecure and is not provided by default in
SuSEfirewall2
personally don't like this approach. I think it can cause only troubles once
DHCPv6 gets properly tracked by netfilter. Also, I think that IPv6 / DHCPv6 is
not so widely used to require such special approach.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.