File susefirewall2-allow-dhcpv6.patch of Package SuSEfirewall2.openSUSE_13.1_Update

commit f0f4f9a7da2ff7682c65d8cd1f406577464d6cf5
Author: Marcus Meissner <meissner@suse.de>
Date:   Tue May 27 10:50:25 2014 +0200

    Allow incoming DHCPv6 replies, currently unlimited.
    
    Reason for this is the more or less unpredictable source
    of these replies. A connection tracker would be more helpful
    though. bnc#867819,bnc#868031

diff --git a/SuSEfirewall2 b/SuSEfirewall2
index 97d34af..c361d62 100755
--- a/SuSEfirewall2
+++ b/SuSEfirewall2
@@ -798,6 +798,11 @@ function set_basic_rules()
 
     allow_basic_established
 
+    # Allow DHCPv6 by default. While the requests go out to multicast address, they
+    # can come back from unicast hosts and we might not know them.
+    $LAA $IP6TABLES -A INPUT -p udp --dport dhcpv6-client ${LOG}"-IN-DHCPv6 "
+    $IP6TABLES -A INPUT -p udp --dport dhcpv6-client -j "$ACCEPT"
+
     # make sure basic rules get committed even if there are errors later
     [ -n "$USE_IPTABLES_BATCH" ] && iptables_batch_commitpoint
 }
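Review bot: The ACCEPT rule added in set_basic_rules matches any UDP datagram to dhcpv6-client from any source address and on any interface, so the port is reachable from external zones too, whether or not the host runs a DHCPv6 client. Because a DHCPv6 client normally exchanges messages on its link-local address, both added rules could be narrowed by destination without depending on the unpredictable reply source, e.g. `$IP6TABLES -A INPUT -p udp -d fe80::/10 --dport dhcpv6-client -j "$ACCEPT"`. That needs confirming against the setups in the referenced bug reports. The in-code comment should also record that the rule is deliberately unrestricted, for example `# NOTE: accepts from any source/interface; tighten once conntrack can match DHCPv6 replies`. The rules use the service name, so they presumably depend on a dhcpv6-client entry in the services database; the numeric port would avoid that lookup. The function body begins outside this hunk, so any earlier interface or zone handling is not visible here.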