http://bugzilla.suse.com/show_bug.cgi?id=1099698 Bug ID: 1099698 Summary: firewalld puts icmp into ip6tables Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: markos.chandras@suse.com Reporter: jslaby@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- When I enable icmp, I see icmp in both ipv4 and ipv6 iptables: 0 0 ACCEPT icmp * * ::/0 ::/0 ctstate NEW But icmp in ipv6 is called icmpv6. So it all does not work and the traffic is dropped:
[285010.162912] IN_drop_DROP: IN=eth1 OUT= MAC=d8:9e:f3:f6:6d:0c:00:14:d1:e6:8d:c6:86:dd SRC=fe80:0000:0000:0000:0214:d1ff:fee6:8dc6 DST=2a01:4240:2e27:ad85:aaaa:0000:0000:070f LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
And I see no way how to configure firewalld to add icmpv6 into ip6tables. I have to use a direct rule: firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -p icmpv6 -j ACCEPT I would expect enabling icmp would enable icmpv6 in ip6tables, or at least icmpv6 would be another option of protocol to be added. -- You are receiving this mail because: You are on the CC list for the bug.