DHCPv6 *still* broken for F17 alpha

Tom Callaway tcallawa at redhat.com
Fri Mar 2 21:17:01 UTC 2012

On 03/02/2012 03:59 PM, Tore Anderson wrote:
> * Tom Callaway
>> As a temporary fix until the more "complete" service entry can be
>> added, I propose this patch. Anaconda invokes:
>> /usr/sbin/lokkit --quiet --nostart -f
>> This writes out the "default" firewall, where everything is locked
>> down, except for the hardcoded rules in system-config-firewall 
>> (ESTABLISHED,RELATED, lo, ipv6-icmp). I simply added the dhcpv6
>> accept to those hardcoded rules.
>> The obvious downside to this approach is that dhcpv6 connections
>> will always be explicitly accepted in generated ip6tables from the 
>> system-config-firewall tools, for all network devices, and users
>> that want to change that will need to manually edit
>> /etc/sysconfig/ip6tables.
> I agree completely that such a rule should be included by default in
> /etc/sysconfig/ip6tables for now. That said, regarding the actual rule
> you're proposing, I have some comments:

<comments snipped>

I know less than nothing about DHCPv6. I used the rule offered earlier
in the thread by Paul Wouters. If there is a more appropriate ruleset,
please tell me what it is and I'll regenerate the patch.


Fedora Project

More information about the devel mailing list