Gogoc is by default set to host_type=host, to only route IPv6 traffic to and from the local host, without forwarding any traffic to a LAN.

If one doesn't want gogoc to act as a router, one shouldn't put gogoc into router mode. And when one uses gogoc in router mode, one probably wants to restart radvd with a new configuration file. Is it possible to add a /etc/radvd.cond.d/, like other tools (like sudo with /etc/sudoers.d/ and apt with /etc/apt/sources.list.d/)? That would solve this problem.

What could be done is also to put a comment in /etc/gogoc/gogoc.conf above host_type so that if one edits gogoc.conf to act as a router (host_type=router), one is warned by that line to also set up a firewall for IPv6.

Information about what happens when put in router mode could also be added in /usr/share/doc/gogoc/Debian.README: that a firewall with forward rules is needed when in router mode. Maybe a suggestion of tools to use? Shorewall6 and Ufw would be my suggestions. Ufw does have support upstream for handling FORWARD rules.

So, please add some/all of those suggestions and close this bug.

Yours
Anders Jackson

On Tue, 25 Jan 2011 13:49:47 +1100 Craig Small <csm...@debian.org> wrote:
> On Tue, Jan 25, 2011 at 03:41:46AM +0500, Roman Mamedov wrote:
> > My conclusion is that the 'linux.sh' script currently does way too much
> > automation, assuming it 'knows better' what the user wants. And among this, it
> > does things which are plain dangerous, not warning about them.
> Generally speaking it does know better.

Yes, I do agree on this. At least in its use case. If one knows better than gogoc, one can use /etc/network/interfaces.

> > I suggest adding a configuration file option to set whether or not linux.sh
> > should control RADVD and configure forwarding, and have that option off by
> > default.
> I wouldn't turn it off by default, people should know what a router is.
> By default the config sets you up as a host, which shouldn't be doing
> anything.
>
> I will look into editing the linux.sh so you can disable certain things.

That could be a solution, but a more intrusive one.

> - Craig

Yours,
Anders Jackson
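The check the message asks to be documented (router mode needs a firewall with forward rules) can be sketched as a small shell test. This is an added example, not part of the thread or of the gogoc package; the function names are hypothetical, the `key=value` syntax with `#` comments is an assumption about gogoc.conf, and the firewall input is a saved copy of `ip6tables -S FORWARD` output.

```shell
#!/bin/sh
# Added example: warn when gogoc is in router mode but the IPv6 FORWARD
# chain has no default-deny policy. Function names are hypothetical.

# Print the effective host_type from a gogoc.conf-style file.
# Assumptions: key=value lines, '#' starts a comment, the last assignment
# wins, and a missing key means "host".
gogoc_host_type() {
    value=$(sed -n 's/^[[:space:]]*host_type[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" | tail -n 1)
    echo "${value:-host}"
}

# Succeed if the saved `ip6tables -S FORWARD` output sets policy DROP.
forward_policy_is_drop() {
    grep -q '^-P FORWARD DROP$' "$1"
}

# Return 0 when the setup is fine, 1 when host_type=router is combined
# with a FORWARD chain whose default policy is not DROP.
check_gogoc_router() {
    conf=$1 rules=$2
    [ "$(gogoc_host_type "$conf")" = "router" ] || return 0
    if forward_policy_is_drop "$rules"; then return 0; fi
    echo "WARNING: host_type=router in $conf but IPv6 FORWARD policy is not DROP" >&2
    return 1
}

# Constructed sample input (not taken from a real system).
demo=$(mktemp -d)
printf '#host_type=host\nhost_type=router\n' > "$demo/gogoc.conf"
printf '%s\n' '-P FORWARD ACCEPT' > "$demo/rules"   # as saved from: ip6tables -S FORWARD
check_gogoc_router "$demo/gogoc.conf" "$demo/rules" || echo "router mode needs forward rules"
rm -rf "$demo"
```

On a live system the second argument would be a file produced by `ip6tables -S FORWARD > rules.txt`, run as root.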