Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow DHCPv6 replies on uplink interface, if ipv6 is enabled

Browse Source 
Fixes QubesOS/qubes-issues#5886
This commit is contained in:
Marek Marczykowski-Górecki 2020-11-12 00:47:05 +01:00
parent 5ddc118429
commit f66a494cc2
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
network/ip6tables-enabled
View File

@ -26,6 +26,7 @@ COMMIT
-A INPUT -m state --state INVALID -j DROP -A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i vif+ -p udp -s fe80::/64 -d fe80::/64 --dport 546 -j ACCEPT
-A INPUT -i vif+ -p icmpv6 --icmpv6-type router-advertisement -j DROP -A INPUT -i vif+ -p icmpv6 --icmpv6-type router-advertisement -j DROP
-A INPUT -i vif+ -p icmpv6 --icmpv6-type redirect -j DROP -A INPUT -i vif+ -p icmpv6 --icmpv6-type redirect -j DROP
-A INPUT -i vif+ -p icmpv6 -j ACCEPT -A INPUT -i vif+ -p icmpv6 -j ACCEPT