DHCPv6 *still* broken for F17 alpha

Tom Callaway tcallawa at redhat.com
Fri Mar 2 21:17:01 UTC 2012


On 03/02/2012 03:59 PM, Tore Anderson wrote:
> * Tom Callaway
> 
>> As a temporary fix until the more "complete" service entry can be
>> added, I propose this patch. Anaconda invokes:
>>
>> /usr/sbin/lokkit --quiet --nostart -f
>>
>> This writes out the "default" firewall, where everything is locked
>> down, except for the hardcoded rules in system-config-firewall 
>> (ESTABLISHED,RELATED, lo, ipv6-icmp). I simply added the dhcpv6
>> accept to those hardcoded rules.
>>
>> The obvious downside to this approach is that dhcpv6 connections
>> will always be explicitly accepted in generated ip6tables from the 
>> system-config-firewall tools, for all network devices, and users
>> that want to change that will need to manually edit
>> /etc/sysconfig/ip6tables.
> 
> I agree completely that such a rule should be included by default in
> /etc/sysconfig/ip6tables for now. That said, regarding the actual rule
> you're proposing, I have some comments:

<comments snipped>

I know less than nothing about DHCPv6. I used the rule offered earlier
in the thread by Paul Wouters. If there is a more appropriate ruleset,
please tell me what it is and I'll regenerate the patch.

~tom

==
Fedora Project

