[Bug 841046] New: SuSEfirewall2: support IPv6 in FW_TRUSTED_NETS
https://bugzilla.novell.com/show_bug.cgi?id=841046 https://bugzilla.novell.com/show_bug.cgi?id=841046#c0 Summary: SuSEfirewall2: support IPv6 in FW_TRUSTED_NETS Classification: openSUSE Product: openSUSE Factory Version: 13.1 Beta 1 Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Network AssignedTo: lnussel@suse.com ReportedBy: ro@suse.com QAContact: qa-bugs@suse.de CC: mt@suse.com Found By: Development Blocker: --- little patch for ipv6 support: mirrorbrain:/sbin # diff -u SuSEfirewall2 SuSEfirewall2.rudi --- SuSEfirewall2 2013-09-18 12:15:17.000000000 +0200 +++ SuSEfirewall2.rudi 2013-09-18 12:15:10.000000000 +0200 @@ -1482,6 +1482,12 @@ net="$1" proto="$2" port="$3" + iptables="$IPTABLES $IP6TABLES" + case "$net" in + *:*) iptables="$IP6TABLES" ;; + [0-9]*.*.*.*) iptables="$IPTABLES" ;; + esac + if [ -n "$4" ]; then error "Too many arguments in FW_TRUSTED_NETS -> $nets" elif [ -z "$net" ]; then @@ -1491,9 +1497,9 @@ elif check_proto_port "$proto" "$port" "" 'FW_TRUSTED_NETS'; then for chain in $input_zones; do # trusted networks can be on any interface ... chain=input_$chain - $LAC $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-TRUST " -m state --state NEW -s $net $proto $port - $LAA $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-TRUST " -s $net $proto $port - $IPTABLES -A $chain -j "$ACCEPT" -m state --state NEW,ESTABLISHED,RELATED -s $net $proto $port + $LAC $iptables -A $chain ${LOG}"-`rulelog $chain`-ACC-TRUST " -m state --state NEW -s $net $proto $port + $LAA $iptables -A $chain ${LOG}"-`rulelog $chain`-ACC-TRUST " -s $net $proto $port + $iptables -A $chain -j "$ACCEPT" -m state --state NEW,ESTABLISHED,RELATED -s $net $proto $port done fi done -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=841046 https://bugzilla.novell.com/show_bug.cgi?id=841046#c1 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@suse.com AssignedTo|lnussel@suse.com |meissner@suse.com Severity|Critical |Normal --- Comment #1 from Ludwig Nussel <lnussel@suse.com> 2013-09-23 10:12:23 CEST --- FW_TRUSTED_NETS is meant to be phased out in favor of FW_SERVICES_ACCEPT_* that why no effort was made to make it support IPv6. The change could be applied though. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=841046 SMASH SMASH <smash_bz@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| | maint:planned:update -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com