On Wed, 21 Mar 2018, Sean A wrote:
Hello,
We have just encountered a strange scenario with firewalld and ipv6. We are
running SL 7.4, with kernel 3.10.0-693.21.1.el7.x86_64 and firewalld-0.4.4.4-6,
but this situation has existed for nearly a year, if not longer.
For a long time, I have thought our infrastructure team just didn't have
IPv6 Routing or Boundary Firewall rules set up right because I have not
been able to ping6 sites like google.com.... (site info scrubbed) -
It's a strange thing, but the first few successful pings after stopping
firewalld take a long time. When I start firewalld, the pings will
continue to succeed for a period of time, then the network will become
unreachable again at some point later.
From a ruleset perspective, we do not filter outbound packets.
We do use the drop zone as default, but both my system and my colleague's have
different input filtering. e.g. My system is a desktop, the system my
colleague was working on is a dns server.
Could the problem be that the firewall is blocking some sort of routing reply
(something like arp or dns, but not necessarily either of those) so that
the system doesn't know where to send the outgoing packets?
When the firewall is turned on again I guess that packets continue to
be sent until the system realises that they aren't being
acknowledged...
--
Andrew C. Aitchison Cambridge, UK
[email protected]
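
One way to test the guess in the reply above, as an added example that is not part of the original thread: on IPv6 the ARP-like step is ICMPv6 neighbour discovery, and neighbours the kernel could not resolve appear as FAILED or INCOMPLETE in `ip -6 neigh show`. The sample output below is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread.
# Reads `ip -6 neigh show` output on stdin and prints one line per neighbour
# whose link-layer address is unresolved:
#   <address> <device> <state> <router|host>
unresolved_neighbors() {
    awk '
        NF >= 4 {
            state = $NF                  # the neighbour state is the last field
            if (state != "FAILED" && state != "INCOMPLETE") next
            dev = ""; role = "host"
            for (i = 2; i <= NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "router") role = "router"
            }
            print $1, dev, state, role
        }'
}

# Succeeds (exit 0) when at least one unresolved entry is flagged as a router,
# i.e. the host has lost the next hop for its outgoing IPv6 packets.
router_unresolved() {
    unresolved_neighbors | grep -q ' router$'
}

# Constructed sample in the format of `ip -6 neigh show`
# (documentation addresses and MACs, not taken from the thread).
sample_neigh() {
    cat <<'EOF'
fe80::1 dev eth0 lladdr 00:00:5e:00:53:01 router STALE
fe80::2 dev eth0 router FAILED
2001:db8::53 dev eth0 INCOMPLETE
2001:db8::10 dev eth0 lladdr 00:00:5e:00:53:10 REACHABLE
EOF
}

sample_neigh | unresolved_neighbors
if sample_neigh | router_unresolved; then
    echo "a router entry is unresolved: check that neighbour discovery is not being dropped"
fi
```

On a live host, run `ip -6 neigh show | unresolved_neighbors` once with firewalld stopped and again some time after starting it, and compare the two results.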