| Summary: | Accept Echo request for IPV6 is ignored in Mageia CCM shorewall6, wrong port defined; FIX GIVEN | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | pat dealt <pat.dealt> |
| Component: | RPM Packages | Assignee: | Mageia tools maintainers <mageiatools> |
| Status: | NEW --- | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | 8 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | libdrakx-net-2.55-1.mga8 | CVE: | |
| Status comment: | |||
Thank you for the detailed and helpful report. Assigning to mageiatools group. Summary:
Accept Echo request for IPV6 is ignored in Mageia CCM shorewall6 =>
Accept Echo request for IPV6 is ignored in Mageia CCM shorewall6, wrong port defined; FIX GIVEN |
Description of problem: IPv6 relies on ICMP(v6) then in order to have IPV6 fully operational, ICMP should be enabled. Echo request for IPV6 has to be authorized by firewall. When I activate, through Mageia CCM, the firewall for IPv6 (shorewall6) and tick the Echo request (ping"6") "for IPV6", the following rule is added in ip6tables : ACCEPT net fw icmp 8 - ... and echo request is not authorized because this rule is for IPV4 (shorewall/iptables instead of shorewall6/ip6tables). Version-Release number of selected component (if applicable): libdrakx-net-2.55-1.mga8 file : /lib/libDrakX/network/drakfirewall6.pm How reproducible: Permanent. Steps to Reproduce: 1.Select Echo request (ping) in CCM / firewall for IPV6.Save. 2.Try to contact your machine from outside with a ping6. 3.Result 100% failed Solution : To achieve the expected result, the following change is needed in /lib/libDrakX/network/drakfirewall6.pm : replace : { name => N_("Echo request (ping)"), ports => '8/icmp', force_default_selection => 0, }, by { name => N_("Echo request (ping)"), ports => '128/icmp', force_default_selection => 0, },