On 03/02/2012 03:59 PM, Tore Anderson wrote:
> * Tom Callaway
>
>> As a temporary fix until the more "complete" service entry can be
>> added, I propose this patch. Anaconda invokes:
>>
>> /usr/sbin/lokkit --quiet --nostart -f
>>
>> This writes out the "default" firewall, where everything is locked
>> down, except for the hardcoded rules in system-config-firewall
>> (ESTABLISHED,RELATED, lo, ipv6-icmp). I simply added the dhcpv6
>> accept to those hardcoded rules.
>>
>> The obvious downside to this approach is that dhcpv6 connections
>> will always be explicitly accepted in generated ip6tables from the
>> system-config-firewall tools, for all network devices, and users
>> that want to change that will need to manually edit
>> /etc/sysconfig/ip6tables.
>
> I agree completely that such a rule should be included by default in
> /etc/sysconfig/ip6tables for now. That said, regarding the actual rule
> you're proposing, I have some comments:

<comments snipped>

I know less than nothing about DHCPv6. I used the rule offered earlier
in the thread by Paul Wouters. If there is a more appropriate ruleset,
please tell me what it is and I'll regenerate the patch.

~tom

==
Fedora Project