What | Removed | Added |
---|---|---|
Status | NEW | RESOLVED |
Resolution | --- | INVALID |
two things happened here: 1. upgrading to firewalld 0.7.2, which introduced one important change: masquerading is only enabled for IPv4; if one wants to masquerade IPv6 as well, one has to add one rich rule to the external zone: firewall-cmd --zone=external --add-rich-rule='rule family=ipv6 masquerade' --permanent 2. in my attempts to fix that I set net.ipv6.conf.eth1.autoconf to 0 which breaks accepting RA packets.