#5 IPv6 forwarding not handled optimal

closed-rejected
nobody
None
5
2009-07-17
2009-02-12
misch42
No

Hi,

I am testing with fwbuilder and IPv6. Creating a IPv6 policy for Linux iptables adds the following line to the script:

echo 1 > /proc/sys/net/ipv4/ip_forward

which is not completely correct. Should be better a:

echo 1 >/proc/sys/net/ipv6/conf/all/forwarding

if the script is marked IPv6 and uses ip6tables.

Greetings, Michael.

Discussion

  • misch42

    misch42 - 2009-02-12
    • summary: IPv6 forwarding done wrong --> IPv6 forwarding not handled optimal
     
  • misch42

    misch42 - 2009-02-12

    OK. I found the button.

    Anyway, make it a feature request:
    - In the host settings "enable packet forwarding"
    - if policy is IPv4: echo 1 > .../ipv4/ip_forward
    - if policy is IPv6: echo 1 > .../ipv6/.../forward
    - if policy is both: make both.

    Greetings,

     
  • Vadim Kurland

    Vadim Kurland - 2009-07-17
    • status: open --> closed-rejected
     
  • Vadim Kurland

    Vadim Kurland - 2009-07-17

    There could be legitimate combinations where one would want to enable ipv4 forwarding but disable ipv6 forwarding even having some ipv6 rules to control ipv6 access to the firewall itself. I think separate controls that allow the user turn ipv4 and ipv6 forwarding on and off explicitly is more flexible approach with rather small drawbacks.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks