Red Hat Bugzilla – Bug 1574297
firewalld (or firewall in general?) causing issues with IPv6
Last modified: 2018-08-10 10:50:37 EDT
Description of problem:
After upgrading from fedora 27, I've been having intermittent issue with ipv6 traffic; pinging the gateway somehow made the connection work, however shortly after stopping, I would start getting 100% packet loss pinging an external ipv6 machine.
After reading: https://serverfault.com/questions/477471/ipv6-only-works-after-pinging-the-default-gateway?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa seemed to suggest it might be a firewall and icmp6 related issue.
I simply turned firewalld off and ipv6 traffic started working as expected.
Version-Release number of selected component (if applicable):
firewalld version: 0.5.2
attempt to ping, connect or use an ipv6 host outside of the local network and wait for packet loss to occur.
Steps to Reproduce:
1. have ipv6 capable network
2. ping ipv6 host outside of local network; packet loss might take up to a minute or so to surface.
100% packet loss shortly after stopping pinging the gateway.
little to no packet loss that does not depend on constantly pinging the default gateway.
I'm assuming there is a configurable way to fix this but I'm not that familiar with firewalld.
Can you post your firewalld configuration for zone of the outgoing interface?
# firewall-cmd --get-zone-of-interface=<interface>
# firewall-cmd --zone=<zone> --list-all
firewall-cmd --zone=FedoraWorkstation --list-all
services: dhcpv6-client ssh samba-client mdns
ports: 1025-65535/udp 1025-65535/tcp
See also bug 1575431, bug 1591867. They are likely duplicated.
*** This bug has been marked as a duplicate of bug 1575431 ***