[Bug 841048] New: SUSEfirewall2: support IPv6 forward/reject
https://bugzilla.novell.com/show_bug.cgi?id=841048 https://bugzilla.novell.com/show_bug.cgi?id=841048#c0 Summary: SUSEfirewall2: support IPv6 forward/reject Classification: openSUSE Product: openSUSE Factory Version: 13.1 Beta 1 Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Network AssignedTo: lnussel@suse.com ReportedBy: ro@suse.com QAContact: qa-bugs@suse.de CC: mt@suse.com Found By: Development Blocker: --- rejectall is a firewall set up to reject all packages that the router throws at it (because the router is only able to drop or accept). In order to do this, I had to change this line in SUSEfirewall2: --- /sbin/SuSEfirewall2.orig 2013-09-18 10:18:41.000000000 +0000 +++ /sbin/SuSEfirewall2 2013-08-27 15:52:55.000000000 +0000 @@ -299,7 +299,7 @@ ### ipv6 checks case "$FW_IPv6" in - drop|reject) IP6TABLES_HAVE_STATE=0 ;; + #drop|reject) IP6TABLES_HAVE_STATE=0 ;; no) IP6TABLES=":" ;; *) FW_IPv6="" ;; esac -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=841048 https://bugzilla.novell.com/show_bug.cgi?id=841048#c1 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |lnussel@suse.com InfoProvider| |ro@suse.com AssignedTo|lnussel@suse.com |meissner@suse.com --- Comment #1 from Ludwig Nussel <lnussel@suse.com> 2013-09-23 10:10:11 CEST --- I cannot make sense of that change even after looking at the code. From what you said on the hallway I think you are looking for something like this: FW_FORWARD_REJECT="0::0/0,0::0/0" -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=841048 https://bugzilla.novell.com/show_bug.cgi?id=841048#c Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Critical |Normal -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=841048 https://bugzilla.novell.com/show_bug.cgi?id=841048#c2 Ruediger Oertel <ro@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|ro@suse.com | --- Comment #2 from Ruediger Oertel <ro@suse.com> 2013-09-23 12:45:06 UTC --- that's exactly what I'm setting but need this change to actually get the forward queue set for ipv6. If "IP6TABLES_HAVE_STATE" is set to "0", then IP6TABLES is disabled completely in line 708 in function set_basic_rules() and then when it gets to forwarding_rules() there is nothing set anymore for ipv6 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=841048 https://bugzilla.novell.com/show_bug.cgi?id=841048#c3 --- Comment #3 from Ludwig Nussel <lnussel@suse.com> 2013-09-23 15:01:31 CEST --- you need leave FW_IPv6 empty for FW_FORWARD_REJECT to work. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com