From f66a494cc2e5e84a19c4abe2d8f6516265457926 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Thu, 12 Nov 2020 00:47:05 +0100
Subject: [PATCH] Allow DHCPv6 replies on uplink interface, if ipv6 is enabled

Fixes QubesOS/qubes-issues#5886
---
 network/ip6tables-enabled | 1 +
 1 file changed, 1 insertion(+)

diff --git a/network/ip6tables-enabled b/network/ip6tables-enabled
index fc5aec1..d2e4a56 100644
--- a/network/ip6tables-enabled
+++ b/network/ip6tables-enabled
@@ -26,6 +26,7 @@ COMMIT
 -A INPUT -m state --state INVALID -j DROP
 -A INPUT -i lo -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT ! -i vif+ -p udp -s fe80::/64 -d fe80::/64 --dport 546 -j ACCEPT
 -A INPUT -i vif+ -p icmpv6 --icmpv6-type router-advertisement -j DROP
 -A INPUT -i vif+ -p icmpv6 --icmpv6-type redirect -j DROP
 -A INPUT -i vif+ -p icmpv6 -j ACCEPT
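Review bot: The added INPUT rule matches only on destination port 546, so on every non-vif interface any link-local neighbour can send UDP from an arbitrary source port to whatever is bound to the DHCPv6 client port. If the DHCPv6 servers on the supported uplinks reply from the server port, `-A INPUT ! -i vif+ -p udp -s fe80::/64 -d fe80::/64 --sport 547 --dport 546 -j ACCEPT` would narrow that exposure; this should be checked against relays that may use a different source port. The rule would also benefit from a preceding comment such as `# DHCPv6 replies come from the server's unicast address, so conntrack does not tie them to the multicast solicit`, which is presumably why the RELATED,ESTABLISHED rule above does not already cover them. The INPUT chain starts and continues outside this hunk, so the rest of the policy is not visible here.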