Now that I finally have ipv6 access, I've found a problem with shorewall6 blocking icmpv6 packets interfering with ipv6 access. It sometimes works, but usually fails resulting in the slowing down of all network connections (waiting for ipv6 to fail), and blocking access to ipv6 only sites. drakfirewall6 should add rules allowing icmpv6 packets to be accepted by shorwall6 (shorewall-ipv6 rpm package) While less critical, it similarly should add rules for for ipv4 icmp packets.
Created attachment 12643 [details] Shorewall6 rules to accept icmpv6 packets Based on https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml I've put together the attached rules for shorewall6 to accept icmpv6 traffic.
Created attachment 12644 [details] shorewall rules to accpet icmp (ipv4) packets While less critical for ipv4, here are the rules for icmp packets based on https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml For both lists, unassigned, deprecated, reserved, and experimental packet types have been excluded.
Whiteboard: (none) => MGA7TOOAssignee: bugsquad => mageiatools
This reminds me of the complaint in the recent Distrowatch review about how shorewall in Mageia handles IPv4 and IPv6 separately. Maybe it's time to rebase our firewall support on firewalld like RedHat/SUSE have done, and which now handle both protocols consistently.