[FS#710] Firewall gives warning msgs when kmod-ipt-nat6 is installed
LEDE Bugs
lede-bugs at lists.infradead.org
Fri Apr 21 23:41:35 PDT 2017
The following task has a new comment added:
FS#710 - Firewall gives warning msgs when kmod-ipt-nat6 is installed
User who did this - Hannu Nyman (hnyman)
----------
This was discussed in the forum in February in my R7800 community build thread and I briefly looked into it then. I copy my investigation results here:
I think that the firewall fw3 only defines & creates those prerouting/postrouting hooks for ipv4, and then later some other part of the firewall finds also the ipv6 NAT table (due to nat6 being installed) and tries to attach similar hook rules to it as for the ipv4 NAT table, but it fails due to the missing hooks.
The definition of the pre/postrouting rules for only ipv4 "V4" family can be seen from:
https://git.lede-project.org/?p=project/firewall3.git;a=blob;f=zones.c;hb=HEAD#l26
https://git.lede-project.org/?p=project/firewall3.git;a=blob;f=defaults.c;hb=HEAD#l25
It is so rare to have IPv6 NAT installed, that it seems to expose a bug in the firewall code.
But I do not think that it generates any security risk, as it does not open anything for the outside world.
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=710#comment2462