[Freedombox-discuss] Up to date FreedomBox testing: no forwarding.

James Valleroy jvalleroy at mailbox.org
Mon Sep 4 14:56:46 BST 2023 

On 9/4/23 8:17 AM, A. F. Cano wrote:
> $ sudo firewall-cmd --permanent --list-all-policies
> allow-host-ipv6 (active)
>    priority: -15000
>    target: CONTINUE
>    ingress-zones: ANY
>    egress-zones: HOST
>    services:
>    ports:
>    protocols:
>    masquerade: no
>    forward-ports:
>    source-ports:
>    icmp-blocks:
>    rich rules:
>          rule family="ipv6" icmp-type name="neighbour-advertisement" accept
>          rule family="ipv6" icmp-type name="neighbour-solicitation" accept
>          rule family="ipv6" icmp-type name="router-advertisement" accept
>          rule family="ipv6" icmp-type name="redirect" accept

Please run the following commands:

$ sudo firewall-cmd --permanent --new-policy int_to_ext_fwd
$ sudo firewall-cmd --permanent --policy int_to_ext_fwd --add-ingress-zone internal
$ sudo firewall-cmd --permanent --policy int_to_ext_fwd --add-egress-zone external
$ sudo firewall-cmd --permanent --policy int_to_ext_fwd --set-priority 100
$ sudo firewall-cmd --permanent --policy int_to_ext_fwd --set-target ACCEPT

Then you should see the new policy listed:

$ sudo firewall-cmd --permanent --list-all-policies
allow-host-ipv6 (active)
   priority: -15000
   target: CONTINUE
   ingress-zones: ANY
   egress-zones: HOST
   services:
   ports:
   protocols:
   masquerade: no
   forward-ports:
   source-ports:
   icmp-blocks:
   rich rules:
	rule family="ipv6" icmp-type name="neighbour-advertisement" accept
	rule family="ipv6" icmp-type name="neighbour-solicitation" accept
	rule family="ipv6" icmp-type name="router-advertisement" accept
	rule family="ipv6" icmp-type name="redirect" accept

int_to_ext_fwd (active)
   priority: 100
   target: ACCEPT
   ingress-zones: internal
   egress-zones: external
   services:
   ports:
   protocols:
   masquerade: no
   forward-ports:
   source-ports:
   icmp-blocks:
   rich rules:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/freedombox-discuss/attachments/20230904/65e828a2/attachment.sig>

More information about the Freedombox-discuss mailing list