Hi

:~# cat /etc/shorewall/policy
#SOURCE     DEST        POLICY      LOG LEVEL   LIMIT:BURST
lan         all         ACCEPT       -
$FW         all         ACCEPT       -
vpn         lan         ACCEPT       -
vpn         $FW         ACCEPT       -
*inet        $FW         DROP         -*
inet        lan         ACCEPT        -
all         all         ACCEPT       -

root@816d1542-4549-1603-ed4b-f064baa63222:~# cat /etc/shorewall6/
cat: /etc/shorewall6/: Is a directory
~# cat /etc/shorewall6/policy
#SOURCE     DEST        POLICY      LOG LEVEL   LIMIT:BURST
lan         all         ACCEPT       -
$FW         all         ACCEPT       -
vpn         lan         ACCEPT       -
vpn         $FW         ACCEPT       -
*inet6       $FW         DROP         info(ip_options,macdecode)*
inet6       lan         ACCEPT        -
all         all         ACCEPT       -

I have the above rules for shorewall and shorewall6.
I am running dhcp and dhcpv6 server on vyos router in inet/inet6 zone,
Even  though i have a drop rule for packets from inet zone, dhcp interface
is getting ipv4 address .
But for ipv6 the advertise packets(packets from dhcpv6 server) are getting
dropped by the firewall. Why is this happening? Any input will be helpful.


Thanks,
Nag
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to