|
 |
36ae71 |
commit 59b0e97ac32ad76b426c56d0b785e38b4176bef5
|
|
|
36ae71 |
Author: Jiri Popelka <jpopelka@redhat.com>
|
|
|
36ae71 |
Date: Wed Feb 5 17:13:38 2014 +0100
|
|
|
36ae71 |
|
|
|
36ae71 |
Allow RAs prior to applying IPv6_rpfilter (RHBZ#1058505)
|
|
|
36ae71 |
|
|
|
36ae71 |
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
|
|
|
36ae71 |
index 601e8f7..1d6112b 100644
|
|
|
36ae71 |
--- a/src/firewall/core/fw.py
|
|
|
36ae71 |
+++ b/src/firewall/core/fw.py
|
|
|
36ae71 |
@@ -522,6 +522,10 @@ class Firewall:
|
|
|
36ae71 |
if self.ipv6_rpfilter_enabled:
|
|
|
36ae71 |
if self.is_table_available("ipv6", "raw"):
|
|
|
36ae71 |
rule = [ "-t", "raw", "-I", "PREROUTING", "1",
|
|
|
36ae71 |
+ "-p", "icmpv6", "--icmpv6-type=router-advertisement",
|
|
|
36ae71 |
+ "-j", "ACCEPT" ] # RHBZ#1058505
|
|
|
36ae71 |
+ self.rule("ipv6", rule)
|
|
|
36ae71 |
+ rule = [ "-t", "raw", "-I", "PREROUTING", "2",
|
|
|
36ae71 |
"-m", "rpfilter", "--invert", "-j", "DROP" ]
|
|
|
36ae71 |
self.rule("ipv6", rule)
|
|
|
36ae71 |
|