[iptables] add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036)
Jiří Popelka
jpopelka at fedoraproject.org
Mon Dec 1 11:46:39 UTC 2014
commit 69f9a1a33c1a7152cb7d4473b6e7580d147b3e8a
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Mon Dec 1 12:46:00 2014 +0100
add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036)
In firewalld it's also allowed by default.
iptables.spec | 5 ++++-
sysconfig_ip6tables | 1 +
2 files changed, 5 insertions(+), 1 deletions(-)
---
diff --git a/iptables.spec b/iptables.spec
index 1448f1c..fde6de2 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -7,7 +7,7 @@
Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
Version: 1.4.21
-Release: 13%{?dist}
+Release: 14%{?dist}
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
@@ -221,6 +221,9 @@ done
%changelog
+* Mon Dec 01 2014 Jiri Popelka <jpopelka at redhat.com> - 1.4.21-14
+- add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036)
+
* Mon Nov 03 2014 Jiri Popelka <jpopelka at redhat.com> - 1.4.21-13
- iptables.init: use /run/lock/subsys/ instead of /var/lock/subsys/ (RHBZ#1159573)
diff --git a/sysconfig_ip6tables b/sysconfig_ip6tables
index 1c1a825..34b8b87 100644
--- a/sysconfig_ip6tables
+++ b/sysconfig_ip6tables
@@ -9,6 +9,7 @@
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
More information about the scm-commits
mailing list