Matthias Gerstner changed bug 572202
What       | Removed   | Added
Status     | CONFIRMED | RESOLVED
Resolution | ---       | FIXED

Comment # 24 on bug 572202 from
I've made changes to address this issue. It's a difficult situation, because
of conflicting behaviour between IPv4 and IPv6 in SuSEfirewall and
yast2-network, and because we need to respect backward compatibility.

With my changes the situation is as follows:

- the recommendation is to enable both IPv4 and IPv6 forwarding via yast, and
not rely on SuSEfirewall switching it on. This only works partly for IPv4 at
the moment, because when SuSEfirewall2 is enabled in systemd then yast implies
that SuSEfirewall will enable it.
- the FW_ROUTE configuration option in SuSEfirewall2 now allows separate
settings for IPv4 and IPv6, to allow enabling forwarding just for the
protocol that is required. Then SuSEfirewall checks whether forwarding is
already enabled for the given protocol and only if it is not already the case
will it explicitly enable forwarding.

With this change users get the expected behaviour when they enter
FW_ROUTE=IPv6: forwarding for IPv6 will be enabled even if not done so before
in yast. If it is enabled in yast then SuSEfirewall will not fiddle with the
forwarding settings any more.

I've also started a pull request with yast-network that should cause it not to
rely on SuSEfirewall2 any more. The responsible maintainer is not convinced
about this, however:

https://github.com/yast/yast-network/pull/503

I've done all I can in this matter. The changed behaviour is in
openSUSE:Factory; I didn't backport it due to the large change set it
involves.

