Re: DHCPv6 *still* broken for F17 alpha



Jiri Popelka <jpopelka redhat com> writes:

> On 02/28/2012 06:18 AM, Dan Williams wrote:
>> On Mon, 2012-02-27 at 23:27 -0500, Paul Wouters wrote:
>>> Can we please address the following bug that is almost two years old.
>>> This bug causes long delays for people enabling IPV6, and causes
>>> Fedora to not get any connectivity on IPv6 only networks, unless you
>>> disable/reconfigure ip6tables manually
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=552099
>>> https://bugzilla.redhat.com/show_bug.cgi?id=591630
>>>
>>> Please, just add the following rules to the default ip6tables:
>>>
>>> -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT
>>>
>>> It would be REALLY nice if we can get this into F17 this time.
>> At least for NM I suppose I could hack this in, but it would be really
>> nice to get the IPv6 rules as default somewhere.
>>
>> Dan
> Hi,
>
> I could possibly take a look at this.
> What about something like:
> - add nm_firewall_manager_allow_dhcpv6_client() to NMFirewallManager
> - pass NMFirewallManager to NMDHCPManager
> - call nm_firewall_manager_allow_dhcpv6_client() either in
> nm-dhcp-manager.c:client_start() or
> nm-dhcp-client.c:nm_dhcp_client_start_ip6()

If you do, then please consider that any address which matches fe80::/10
without also matching fe80::/64 is invalid.  Ref
http://tools.ietf.org/html/rfc4291#section-2.5.6

Any link local matching rule should use fe80::/64.


Bjørn
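
The prefix distinction raised in this reply, as an added example that is not part of the original message or of NetworkManager: a Python check that flags ip6tables source/destination matches covering link-local space beyond fe80::/64. The function names and sample addresses are constructed for illustration; the first rule is the one quoted in the thread.

```python
import ipaddress
import shlex

# RFC 4291 section 2.5.6: link-local unicast is the 10-bit prefix 1111111010,
# then 54 zero bits, then a 64-bit interface ID, which is fe80::/64.
LL_BLOCK = ipaddress.ip_network("fe80::/10")
LL_VALID = ipaddress.ip_network("fe80::/64")

def is_valid_link_local(addr):
    """True if addr has the RFC 4291 link-local format (inside fe80::/64)."""
    return ipaddress.ip_address(addr) in LL_VALID

def in_gap(addr):
    """True if addr matches fe80::/10 without also matching fe80::/64."""
    ip = ipaddress.ip_address(addr)
    return ip in LL_BLOCK and ip not in LL_VALID

def audit_rule(rule):
    """Return (option, network) pairs from one ip6tables rule line whose
    match lies in fe80::/10 but is not confined to fe80::/64."""
    tokens = shlex.split(rule)
    findings = []
    for opt, value in zip(tokens, tokens[1:]):
        if opt not in ("-s", "--source", "-d", "--destination"):
            continue
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            continue  # hostname or address list; out of scope for this check
        if net.version == 6 and net.subnet_of(LL_BLOCK) and not net.subnet_of(LL_VALID):
            findings.append((opt, str(net)))
    return findings

# Rule as quoted in the thread, and the same rule with the narrower prefix.
PAGE_RULE = ("-A INPUT -m state --state NEW -m udp -p udp --dport 546 "
             "--sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT")
TIGHT_RULE = PAGE_RULE.replace("fe80::/10", "fe80::/64")

# Constructed sample addresses.
SAMPLES = ["fe80::1", "fe80:1::1", "febf::1", "2001:db8::1"]

if __name__ == "__main__":
    for rule in (PAGE_RULE, TIGHT_RULE):
        print(audit_rule(rule) or "ok", "<-", rule)
    for addr in SAMPLES:
        print(addr, "valid link-local:", is_valid_link_local(addr),
              "| only matched by /10:", in_gap(addr))
```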

