[opensuse] IPv6 and SuSEfirewall2 question

8 May 2015

      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I saw this entry in the firewall log:

<0.4> 2015-05-08 15:16:05 minas-tirith kernel - - - [175655.346891] SFW2-INext-DROP-DEFLT IN=wlan0 OUT=
        MAC=33:33:00:00:00:fb:00:1e:0b:08:4c:cb:86:dd
        SRC=fe80:0000:0000:0000:021e:0bff:fe08:4ccb
        DST=ff02:0000:0000:0000:0000:0000:0000:00fb
        LEN=667 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=5353 LEN=627

Port 5353 is mdns. I want to allow this and see what happens. So I added a 
line to FW_TRUSTED_NETS, like this:

FW_TRUSTED_NETS="192.168.1.14,tcp,ftp  192.168.1.14,tcp,ftp-data  \
         192.168.1.14,tcp,imap   192.168.1.14,tcp,imaps  \
         192.168.1.14,tcp,nfs    \
         fe80:0000:0000:0000:021e:0bff:fe08:4ccb,udp,mdns"

But it produces an error:

minas-tirith:~ # SuSEfirewall2 
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
iptables-batch v1.4.21: host/network `fe80:0000:0000:0000:021e:0bff:fe08:4ccb' not found
Try `iptables-batch -h' or 'iptables-batch --help' for more information.
SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
iptables v1.4.21: host/network `fe80:0000:0000:0000:021e:0bff:fe08:4ccb' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: host/network `fe80:0000:0000:0000:021e:0bff:fe08:4ccb' not found
Try `iptables -h' or 'iptables --help' for more information.
SuSEfirewall2: Firewall rules successfully set
minas-tirith:~ #

I also tried

         fe80:0:0:0::/64,udp,mdns"

and I got:

minas-tirith:~ # SuSEfirewall2
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
iptables-batch v1.4.21: invalid mask `64' specified
Try `iptables-batch -h' or 'iptables-batch --help' for more information.
SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
iptables v1.4.21: invalid mask `64' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: invalid mask `64' specified
Try `iptables -h' or 'iptables --help' for more information.
SuSEfirewall2: Firewall rules successfully set
minas-tirith:~ #

Doesn't SuSEfirewall accept IPv6 rules, or is support incomplete, or am I 
doing it wrong?

It is the first time I try to add a rule for IPv6, and I know very little 
about it.

- -- 
Cheers
        Carlos E. R.

        (from 13.1 x86_64 "Bottle" (Minas Tirith))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iF4EAREIAAYFAlVNDyAACgkQja8UbcUWM1y7DAD/adKkFtntp2w5X3VcJy4puH9t
b76egBph1iVv8DPzwEIA/RNivRNmuipUU/9IJFSCrwqSvvGCMOpEgm4f9ABEP6y2
=MvxG
-----END PGP SIGNATURE-----
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org