[please cc me on replies, I'm not subscribed] Link local traffic, i.e. traffic from fe80::/64 to the local fe80::/64 address is always routable on an interface. So why ip6tables -w -A PREROUTING -i ppp+ -t raw -m rpfilter --invert -j DROP does filter incoming DHCP6 traffic? This was not true for kernels up to 4.14.13, unknown state from then on and is filtered in 4.17.2. This is not good. One needs to send an IPv6 multicast packet and receive a link local unicast packet for DHCP6 on a ppp device to acquire IPv6 interface data from the provider. And as I do have more than one ppp provider interface ppp+ is used. -- Andreas Steinmetz SPAMmers use robotrap@xxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
