[FS#1111] I have fresh install on WR740N and I discovered ip6tables setup is empty
LEDE Bugs
lede-bugs at lists.infradead.org
Wed Oct 25 03:40:48 PDT 2017
The following task has a new comment added:
FS#1111 - I have fresh install on WR740N and I discovered ip6tables setup is empty
User who did this - Mathias Kresin (mkresin)
----------
Please provide the informations you already were told to provide on IRC:
13:51:33 < jow> please pastebin /etc/config/firewall and the output of
"ip6tables-save" too, while you're at it
14:03:02 < jow> you could open a bug report, but that would need the output of
"ip6tables-save" and /etc/config/firewall too
For reference the relevant "ip6tables --list -nv" output of a freshly booted LEDE Reboot SNAPSHOT r5122-f7a6fd3153:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all lo * ::/0 ::/0 /* !fw3 */
0 0 input_rule all * * ::/0 ::/0 /* !fw3: user chain for input */
0 0 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED /* !fw3 */
0 0 syn_flood tcp * * ::/0 ::/0 tcp flags:0x17/0x02 /* !fw3 */
0 0 zone_lan_input all br-lan * ::/0 ::/0 /* !fw3 */
0 0 zone_wan_input all dsl0.7 * ::/0 ::/0 /* !fw3 */
Chain reject (3 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp * * ::/0 ::/0 /* !fw3 */ reject-with tcp-reset
0 0 REJECT all * * ::/0 ::/0 /* !fw3 */ reject-with icmp6-port-unreachable
Chain input_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain zone_wan_input (1 references)
pkts bytes target prot opt in out source destination
0 0 input_wan_rule all * * ::/0 ::/0 /* !fw3: user chain for input */
0 0 ACCEPT udp * * fc00::/6 fc00::/6 udp dpt:546 /* !fw3: Allow-DHCPv6 */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130 code 0 /* !fw3: Allow-MLD */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131 code 0 /* !fw3: Allow-MLD */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132 code 0 /* !fw3: Allow-MLD */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143 code 0 /* !fw3: Allow-MLD */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 code 0 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 code 1 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
0 0 zone_wan_src_REJECT all * * ::/0 ::/0 /* !fw3 */
Chain zone_wan_src_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all dsl0.7 * ::/0 ::/0 /* !fw3 */
Looks pretty much as expected. Only IPv6 ICMP packages are accepted via wan.
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1111#comment3689
More information about the lede-bugs
mailing list