Enable global IPv6 forwarding #4376
Merged
Commits on Jul 11, 2024
-
Always enable global IPv6 forwarding
Global forwarding works differently for IPv6: conf/all/forwarding - BOOLEAN Enable global IPv6 forwarding between all interfaces. IPv4 and IPv6 work differently here; e.g. netfilter must be used to control which interfaces may forward packets and which not. https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt It is not possible to configure the IPv6 forwarding per interface by setting the net.ipv6.conf.<ifname>.forwarding sysctl. Instead, the opposite approach is required where the global forwarding is enabled and an iptables policy is added to restrict it by default. To ensure consistent behavior between IPv4/IPv6 and limit the forwarding scope for IPv4 networks this commit configures the default DROP policy for all configured IP families. Signed-off-by: Patryk Diak <pdiak@redhat.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.