Firewall global state options don't appear to work for IPv6

callmeq · February 25, 2024, 1:47am

Hi all,

While setting up IPv6 on my PPPoE connection I ran into an issue where I could ping an external IPv6 address from a device on my LAN (because I had explicitly allowed this to get functioning IPv6) but all other IPv6 traffic was broken.

After a little head scratching I came to the conclusion that it must have been caused by the global firewall state options not being applied.

Sure enough as soon as I explicitly added the standard accept established and accept related rules to WAN-LAN-6 I had working IPv6.

Just wanted to check that the behaviour I am seeing is intended or if it is a bug?

Here are the global state options I have that work for IPv4 but not IPv6:

state-policy {
     established {
         action accept
     }
     invalid {
         action drop
         log
     }
     related {
         action accept
     }
 }

This is using 1.5-rolling-202402170022

Thisistheoldplan · June 25, 2024, 9:51am

I’m seeing the same problem when using global options from quickstart.

What would the minimum ipv6 config be when using global options?

n.fort · June 25, 2024, 10:18am

Running latest 1.5? If so, please check Dhcp6c - unable to get IPv6-PD "Operation not permitted" - #2 by n.fort

Thisistheoldplan · June 25, 2024, 3:53pm

that was indeed the problem. The patch fixed it