From YaST POV there are two possibilities: (1) do not touch (2) enable 546/udp,tcp explicitly when dhcpv6 is enabled in services. I
https://bugzilla.novell.com/show_bug.cgi?id=822959 https://bugzilla.novell.com/show_bug.cgi?id=822959#c4 Michal Filka <mfilka@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |security-team@suse.de --- Comment #4 from Michal Filka <mfilka@suse.com> 2013-08-29 09:31:26 UTC --- Yes config seems good. There is already running discussion in bnc#783002. If I understand it well, netfilter is unable to track DHCPv6 related packets. Opening firewall unconditionally is considered insecure and is not provided by default in SuSEfirewall2 personally don't like this approach. I think it can cause only troubles once DHCPv6 gets properly tracked by netfilter. Also, I think that IPv6 / DHCPv6 is not so widely used to require such special approach. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.