#4900 ipv6 firewall still not working
This is strange. IPv6 firewall rules were previously refusing to load (on Ubuntu 16.04 LTS) and that problem has been fixed (thank you), but as soon as I enable the firewall using the "Block all except ports used for virtual hosting" configuration everything (on IPv6) is blocked. No traffic gets through on any port or protocol as far as I can tell. The same rules work fine with IPv4 and I can see nothing obviously wrong in /etc/ip6tables.up.rules.
By trial and error, I found that adding a simple accept rule "If protocol is ICMPV6" at the top restores everything. Pings now work as you would expect, but more surprisingly TCP filtering now works properly. (I can't easily test UDP because my local connection doesn't support IPv6 yet so I'm using external tools such as http://www.subnetonline.com/pages/ipv6-network-tools.php)
So it looks as if there's still something wrong with the ICMPv6 filtering syntax. I don't understand why that should affect TCP as well.
I'm not sure if this is relevant, but there seems to be a delay of a minute or so between applying that additional accept ICMPV6 rule and things recovering.
Also possibly relevant is that I'm using fail2ban with standard jail "iptables-ipset-proto6-allports" which gets chained in. I wonder if that has something to do with the apparent delay.
I'm not sure where to go from here with diagnostics. Happy to provide any further details as long as they don't involve taking the server offline for too long. Normally I would test this sort of thing on a VM but as I say I don't have IPv6 locally.
That is surprising - I haven't seen this problem on my test systems.
Can you post the exact rule that you added from your firewall config file?
I just added under *filter:
-A INPUT -p icmpv6 -j ACCEPT
Ok, in the next release of Webmin I will change the default ipv6 firewall rules to allow all ICMPv6 traffic, rather than just specific packet types as it is now.