Jiri Popelka <[email protected]> writes: > On 02/28/2012 06:18 AM, Dan Williams wrote: >> On Mon, 2012-02-27 at 23:27 -0500, Paul Wouters wrote: >>> Can we please address the following bug that is almsot two years old. >>> This bug causes long delays for people enabling IPV6, and causes >>> Fedora to not get any connectivity on IPv6 only networks, unless you >>> disable/reconfigure ip6tables manually >>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=552099 >>> https://bugzilla.redhat.com/show_bug.cgi?id=591630 >>> >>> Please, just add the following rules to the default ip6tables: >>> >>> -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s >>> fe80::/10 -d fe80::/10 -j ACCEPT >>> >>> It would be REALLY nice if we can get this into F17 this time. >> At least for NM I suppose I could hack this in, but it would be really >> nice to get the IPv6 rules as default somewhere. >> >> Dan > Hi, > > I could possibly take a look at this. > What about something like: > - add nm_firewall_manager_allow_dhcpv6_client() to NMFirewallManager > - pass NMFirewallManager to NMDHCPManager > - call nm_firewall_manager_allow_dhcpv6_client() either in > nm-dhcp-manager.c:client_start() or > nm-dhcp-client.c:nm_dhcp_client_start_ip6()
If you do, then please consider that any address which matches fe80::/10 without also matching fe80::/64 is invalid. Ref http://tools.ietf.org/html/rfc4291#section-2.5.6 Any link local matching rule should use fe80::/64. Bjørn _______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
