[Trac-bugs] [PC-BSD Trac] #880: Firewall configuration for interfaces created later

PC-BSD trac at pcbsd.org
Wed Dec 25 12:38:36 PST 2013


#880: Firewall configuration for interfaces created later
----------------------------------+----------------------
 Reporter:  mlaabs                |      Owner:
     Type:  System Defect         |     Status:  new
 Priority:  minor                 |  Milestone:  9.2
Component:  System Configuration  |    Version:  9-STABLE
 Keywords:                        |
----------------------------------+----------------------
 I use sixxs for IPv6 access. The tunnel for the ipv6 connection is set up
 after the ipv4 network is up and running.
 To allow e.g. ssh access to the ipv6 address I changed the firewall
 configuration in the gui tool. After restarting the firewall it worked as
 expected. After a reboot however the connection to the v6 address was
 blocked again.
 The problem is probably that the rule for the tun0 interface doesn't get
 activated/applied before the tun0 interface actually exists.
 Stopping and starting the firewall after the ipv6 connection is established
 is also not applicable because already established connections become
 disconnected. (And unfortunately sixxs-aiccu has imho no option to execute
 a program after successfully establishing a tunnel)

 There are fixes that are possible:

 Doing a restart of the firewall seems to keep current tcp connections
 untouched. This can be done with a wrapper, a log file scanning script, or
 a patch of the aiccu program. Creating a tun0 interface before starting the
 firewall might also help. Maybe the pc-bsd maintainer can preconfigure
 some ipv6 tunneling e.g. via sixxs-aiccu.

--
Ticket URL: <http://trac.pcbsd.org/ticket/880>
PC-BSD <http://trac.pcbsd.org>
PC-BSD Project Management

