[Bug 426303] New: /etc/ppp/ipv6-up missing
https://bugzilla.novell.com/show_bug.cgi?id=426303 Summary: /etc/ppp/ipv6-up missing Product: openSUSE 11.1 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: mt@novell.com ReportedBy: lnussel@novell.com QAContact: qa@suse.de CC: kkeil@novell.com, max@novell.com Found By: Development the /etc/ppp/ipv6-{up,down} scripts are missing therefore ipv6 only connections do not trigger e.g. reconfiguration of the firewall. IMO we should just symlink ip-{up,down} and duplicate the actions in the ip-up and ip-down blocks (minus ip_resend and run_poll_tcpip probably) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=426303
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=426303#c1
--- Comment #1 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=426303
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=426303#c2
--- Comment #2 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=426303
User max@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=426303#c3
--- Comment #3 from Reinhard Max
ip{,v6}-up is actually the wrong place to run things like firewall as it will be run twice if the interface uses both ipv4 and ipv6.
I guess in that case, the firewall setup should be changed so that can be called to do only the ipv4 or only the ipv6 part. But there is another reason why these scripts do not seem to be the right place for starting the firewall: pppd first brings up the interface and then executes the *-up scripts, so there is a period of time during which the interface is up, but not yet protected by the firewall rules.
Unfortunately pppd doesn't provide generic "link-up" or "protocols-up" scripts.
What about /etc/ppp/ip-pre-up? This one is run before the interface is being brought up and the pppd manpage explicitly mentions setting firewall rules among the things to do here. But I haven't yet tried if this gets called at all on an ipv6-only ppp link. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=426303
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=426303#c4
--- Comment #4 from Ludwig Nussel
(In reply to comment #2 from Ludwig Nussel)
ip{,v6}-up is actually the wrong place to run things like firewall as it will be run twice if the interface uses both ipv4 and ipv6.
I guess in that case, the firewall setup should be changed so that can be called to do only the ipv4 or only the ipv6 part.
Hmm, I'd need to introduce some sort of status file then that tells me that the firewall is already set up for the interface.
But there is another reason why these scripts do not seem to be the right place for starting the firewall: pppd first brings up the interface and then executes the *-up scripts, so there is a period of time during which the interface is up, but not yet protected by the firewall rules.
Yes and no. SuSEfirewall2 redirects all traffic from unknown interfaces to the external zone by default.
Unfortunately pppd doesn't provide generic "link-up" or "protocols-up" scripts.
What about /etc/ppp/ip-pre-up? This one is run before the interface is being brought up and the pppd manpage explicitly mentions setting firewall rules among the things to do here. But I haven't yet tried if this gets called at all on an ipv6-only ppp link.
It's not, I've checked the code already :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=426303
User mt@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=426303#c5
Marius Tomaschewski
participants (1)
-
bugzilla_noreply@novell.com