#880 closed System Defect (3rdpartybug)

Firewall configuration for interfaces created later

Reported by: mlaabs
Owned by: kris
Priority: minor
Milestone: 9.2
Component: System Configuration
Version: 9-STABLE
Keywords:
Cc: trac-bugs@…


I use sixxs for IPv6 access. The tunnel for the IPv6 connection is set up after the IPv4 network is up and running.
To allow e.g. ssh access to the IPv6 address, I changed the firewall configuration in the GUI tool. After restarting the firewall it worked as expected. After a reboot, however, the connection to the v6 address was blocked again.
The problem is probably that the rule for the tun0 interface doesn't get activated/applied before the tun0 interface actually exists.
Stopping and starting the firewall after the IPv6 connection is established is also not applicable, because already established connections become disconnected. (And unfortunately sixxs-aiccu has imho no option to execute a program after successfully establishing a tunnel.)

There are fixes that are possible:

Doing a restart of the firewall seems to keep current TCP connections untouched. This can be done with a wrapper, a log file scanning script, or a patch of the aiccu program. Creating a tun0 interface before starting the firewall might also help. Maybe the PC-BSD maintainer can preconfigure some IPv6 tunneling, e.g. via sixxs-aiccu.
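
The wrapper idea from the description, as an added sketch that is not part of the ticket or of the aiccu port: wait until the tunnel interface exists with an IPv6 address, then reload the ruleset once. It assumes the firewall is pf driven by the FreeBSD rc script (`service pf reload`, which loads the rules without flushing the state table); the function names and the two override variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the ticket. Assumptions: pf is the firewall and
# is managed through the FreeBSD rc script; the tunnel interface is tun0.

# Both commands can be overridden, so the logic can be exercised without
# root and without touching the live ruleset.
: "${IFACE_CHECK:=ifconfig}"          # invoked as: $IFACE_CHECK <iface>
: "${RELOAD_CMD:=service pf reload}"  # reloads rules, keeps existing states

# iface_ready IFACE
# True once the interface exists and carries at least one inet6 address.
iface_ready() {
    $IFACE_CHECK "$1" 2>/dev/null | grep -q 'inet6 '
}

# reload_when_up IFACE TIMEOUT_SECONDS [POLL_SECONDS]
# Returns 0 after a successful reload, 1 if the interface never appeared
# within the timeout (rules left untouched), 2 if the reload itself failed.
reload_when_up() {
    iface=$1
    timeout=$2
    poll=${3:-1}
    waited=0
    until iface_ready "$iface"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$poll"
        waited=$((waited + poll))
    done
    $RELOAD_CMD || return 2
    return 0
}

# Typical call from a script started after aiccu (hypothetical placement):
#   reload_when_up tun0 60 || logger "firewall not reloaded for tun0"
```

A non-zero return is worth logging or alerting on, since it means the host is still running with the rules that were loaded before the tunnel existed.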

Change History (2)

comment:1 Changed 18 months ago by joshms

  • Owner set to kris

comment:2 Changed 13 months ago by kris

  • Resolution set to 3rdpartybug
  • Status changed from new to closed

Closing for now:

This sounds more like a bug in the sixxs-aiccu port. Have you checked into fixing this port, or asking any of the port maintainers if they could look into this? I try to keep the number of ports I maintain low, since it can get very time-consuming :)

Also, you may want to check if the bug persists on 10.0, or if the FreeBSD networking start / stop scripts now do the proper things.
