Andreas Steinmetz <ast@xxxxxxxx> wrote:
> [please cc me on replies, I'm not subscribed]
>
> Link local traffic, i.e. traffic from fe80::/64 to the local fe80::/64
> address is always routable on an interface. So why
>
> ip6tables -w -A PREROUTING -i ppp+ -t raw -m rpfilter --invert -j DROP
>
> does filter incoming DHCP6 traffic? This was not true for kernels up to
> 4.14.13, unknown state from then on and is filtered in 4.17.2.
>
> This is not good. One needs to send an IPv6 multicast packet and
> receive a link local unicast packet for DHCP6 on a ppp device to
> acquire IPv6 interface data from the provider.
> And as I do have more than one ppp provider interface ppp+ is used.

I agree, this is a bug, probably fixed in 4.18-rc1.

I think it's best to not even bother attempting to check fe80::/64
in the first place, will work on a patch.
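
An added example, not part of the thread: a shell check over `ip6tables-save -t raw` output that reports whether an rpfilter DROP rule like the one quoted above is preceded by an ACCEPT for link-local sources. The ruleset-level exemption, the function name `audit_rpfilter` and both sample rulesets are constructed assumptions; the thread itself only mentions a kernel-side patch.

```shell
#!/bin/sh
# Audit `ip6tables-save -t raw` output read on stdin.
# Result: "exposed"     rpfilter DROP reached with no earlier link-local ACCEPT
#         "exempted"    a link-local ACCEPT precedes the rpfilter DROP
#         "no-rpfilter" no rpfilter --invert DROP rule in PREROUTING
# Simplification (assumption): interface matches (-i) are not compared.
audit_rpfilter() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            if ($0 ~ /-s fe80::\/(10|64)/ && $0 ~ /-j ACCEPT/) exempt = 1
            if ($0 ~ /-m rpfilter/ && $0 ~ /--invert/ && $0 ~ /-j DROP/) {
                found = 1
                print (exempt ? "exempted" : "exposed")
                exit
            }
        }
        END { if (!found) print "no-rpfilter" }
    '
}

# Constructed sample: only the rule from the report.
sample_exposed() { cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i ppp+ -m rpfilter --invert -j DROP
COMMIT
EOF
}

# Constructed sample: DHCPv6 replies (server port 547 to client port 546)
# from link-local sources are accepted before the rpfilter rule is evaluated.
sample_exempted() { cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s fe80::/64 -d fe80::/64 -i ppp+ -p udp -m udp --sport 547 --dport 546 -j ACCEPT
-A PREROUTING -i ppp+ -m rpfilter --invert -j DROP
COMMIT
EOF
}

echo "rule from the report alone: $(sample_exposed | audit_rpfilter)"
echo "with link-local exemption:  $(sample_exempted | audit_rpfilter)"
```

On a live host the same function can be fed with `ip6tables-save -t raw | audit_rpfilter`.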