http://bugzilla.suse.com/show_bug.cgi?id=1105821
http://bugzilla.suse.com/show_bug.cgi?id=1105821#c8
--- Comment #8 from Markos Chandras ---
iptables and nftables can co-exist. So if you have a direct iptables rule then
it's still added to the iptables chain but I am not sure if this is the best
way to achieve that.
Would it make sense to use a rich rule to achieve what you want?
firewall-cmd --add-rich-rule 'rule family=ipv6 protocol value=ipv6-icmp accept'
Seems like your interface is assigned to the 'drop' zone which is very
restrictive by nature.
https://firewalld.org/documentation/man-pages/firewalld.zones.html
What you are effectively asking here is for firewalld to allow non-conntrack
packages by default and I am not sure it would make sense for this to become a
default option.
Please consider the rich-rule option instead.
--
You are receiving this mail because:
You are on the CC list for the bug.
