Re: [PATCH] firewall-manager: allow dhcpv6-client service



* Jiri Popelka

> Yes and thank *you* to the outstanding work you've done in RHBZ#538499.

Just a few itsy bitsy teenie weenie patches left to apply before
NM/Fedora's IPv6 support is on par with Windows' and Mac OS X's...

> We are talking about FirewallD [1] which should [2] be the default
> firewall solution in F17.
> However the latest version in F17 doesn't include the dhcpv6-client
> service [3] yet but some updates will follow soon.
> 
> [1] https://fedorahosted.org/firewalld/
>       https://fedoraproject.org/wiki/FirewallD/
> [2] https://fedorahosted.org/fesco/ticket/805
> [3] https://fedorahosted.org/pipermail/firewalld-devel/2012-February/000001.html

Thanks, now I've gotten to test this properly on F17. Some observations:

1) Applying the patch on top of the latest NetworkManager SRPM doesn't
allow the package to build correctly on F17, while it does on F16. I
managed to solve this by adding the following three commands above the
first %configure step:

aclocal --force
libtoolize --force
automake --force

2) FirewallD 0.2.2-1 has a serious problem in its default rule set that
is preventing any form of IPv6 connectivity from ever working, see
https://bugzilla.redhat.com/show_bug.cgi?id=801182 .

3) I saw the following error message appear in the logs a few times:

<warn> (p17p1) firewall zone add/change failed: (32) ZONE_ALREADY_SET

These occurred while I was working on problem #2, so things couldn't have
worked anyway. When I retried the connection after fixing that, the
firewall hole for DHCPv6 in the public zone was successfully added. I
don't know if this was a random success, or if the ZONE_ALREADY_SET
failure was caused by problem #2 somehow.

4) NetworkManager itself defaults to ignoring IPv6 (in other words never
starting DHCPv6) on wired ethernet connections. This prevents DHCPv6
from functioning out of the box even with a fixed firewalld and your
patch in place (or no firewall at all for that matter). See
https://bugzilla.redhat.com/show_bug.cgi?id=798697 and
http://mail.gnome.org/archives/networkmanager-list/2011-August/msg00063.html
(only the last hunk of the patch is relevant for this particular issue).

Best regards,
-- 
Tore Anderson

