Hello, I have a machine which is a DHCPv6 client on a PPPoE connection. It also has:
sysctl -w net.netfilter.nf_conntrack_tcp_loose=0 ip6tables -t raw -A PREROUTING ! -i lo -m rpfilter --invert -j DROP After commits: netfilter: don't set F_IFACE on ipv6 fib lookups http://patchwork.ozlabs.org/patch/873574/ netfilter: ip6t_rpfilter: provide input interface for route lookup https://patchwork.ozlabs.org/patch/919290/ ...the DHCPv6 client no longer sees any replies from the server. They are now filtered out by rpfilter. Removing the ip6tables rule shown above, or rolling back both of these commits, makes it all work fine again. >From commit messages it doesn't appear like this would be a "by design" behavior of these changes. I did not test if other kernel branches (4.17 et al) are affected, but if they also have both of these, I guess they likely are. -- With respect, Roman -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
