Opened 4 months ago

Last modified 3 months ago

#880 new System Defect

Firewall configuration for interfaces created later

Reported by: mlaabs
Owned by: kris
Priority: minor
Milestone: 9.2
Component: System Configuration
Version: 9-STABLE
Keywords:
Cc: trac-bugs@…


I use sixxs for IPv6 access. The tunnel for the IPv6 connection is set up after the IPv4 network is up and running.
To allow e.g. ssh access to the IPv6 address, I changed the firewall configuration in the GUI tool. After restarting the firewall it worked as expected. After a reboot, however, the connection to the v6 address was blocked again.
The problem is probably that the rule for the tun0 interface doesn't get activated/applied before the tun0 interface actually exists.
Stopping and starting the firewall after the IPv6 connection is established is also not applicable because already established connections become disconnected. (And unfortunately sixxs-aiccu has IMHO no option to execute a program after successfully establishing a tunnel.)

There are fixes that are possible:

Doing a restart of the firewall seems to keep the current TCP connection untouched. This can be done with a wrapper, a log file scanning script, or a patch of the aiccu program. Creating a tun0 interface before starting the firewall might also help. Maybe the PC-BSD maintainer can preconfigure some IPv6 tunneling, e.g. via sixxs-aiccu.
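
The wrapper idea from the ticket, sketched as an added example that is not part of the original report or of PC-BSD: wait for the tunnel interface, then reload the ruleset instead of stopping and starting the firewall. It assumes the firewall is pf with its ruleset in /etc/pf.conf and that the tunnel interface is tun0; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: reload firewall rules once a late-created interface exists.
# Assumptions: pf is the firewall, rules live in /etc/pf.conf, tunnel is tun0.

IFCONFIG="${IFCONFIG:-ifconfig}"    # overridable, e.g. for testing
PFCTL="${PFCTL:-pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"

# Return 0 if the named interface currently exists.
iface_exists() {
    $IFCONFIG "$1" >/dev/null 2>&1
}

# Poll once per second until the interface exists or the timeout expires.
wait_for_iface() {
    _if="$1"; _timeout="$2"; _waited=0
    until iface_exists "$_if"; do
        [ "$_waited" -ge "$_timeout" ] && return 1
        sleep 1
        _waited=$((_waited + 1))
    done
    return 0
}

# Parse the ruleset first (-n checks without loading), then load it.
# Loading with -f replaces the rules but leaves the state table alone,
# so established connections are not dropped as with a stop/start.
reload_rules() {
    $PFCTL -nf "$PF_CONF" || return 2
    $PFCTL -f "$PF_CONF"
}

# Wait for the interface, then reload; fail without touching pf on timeout.
reload_when_up() {
    wait_for_iface "$1" "$2" || {
        echo "interface $1 did not appear within $2 s" >&2
        return 1
    }
    reload_rules
}

# Runs only when given an interface name, e.g.: sh reload-pf.sh tun0 120
if [ $# -ge 1 ]; then
    reload_when_up "$1" "${2:-60}"
fi
```

Started in the background after aiccu, this avoids the need for a post-connect hook in aiccu itself.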

Change History (1)

comment:1 Changed 3 months ago by joshms

  • Owner set to kris