Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1574297 - firewalld (or firewall in general?) causing issues with IPv6
firewalld (or firewall in general?) causing issues with IPv6
Status: CLOSED DUPLICATE of bug 1575431
Product: Fedora
Classification: Fedora
Component: firewalld (Show other bugs)
28
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Eric Garver
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-02 23:07 EDT by Anthony DeDominic
Modified: 2018-08-10 10:50 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-08-10 10:50:37 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Anthony DeDominic 2018-05-02 23:07:05 EDT
Description of problem:

After upgrading from fedora 27, I've been having intermittent issue with ipv6 traffic; pinging the gateway somehow made the connection work, however shortly after stopping, I would start getting 100% packet loss pinging an external ipv6 machine.

After reading: https://serverfault.com/questions/477471/ipv6-only-works-after-pinging-the-default-gateway?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa seemed to suggest it might be a firewall and icmp6 related issue.
I simply turned firewalld off and ipv6 traffic started working as expected.

Version-Release number of selected component (if applicable):

firewalld version: 0.5.2

How reproducible:

attempt to ping, connect or use an ipv6 host outside of the local network and wait for packet loss to occur.

Steps to Reproduce:
1. have ipv6 capable network
2. ping ipv6 host outside of local network; packet loss might take up to a minute or so to surface.

Actual results:

100% packet loss shortly after stopping pinging the gateway.

Expected results:

little to no packet loss that does not depend on constantly pinging the default gateway.

Additional info:

I'm assuming there is a configurable way to fix this but I'm not that familiar with firewalld.
Comment 1 Eric Garver 2018-05-03 08:23:41 EDT
Can you post your firewalld configuration for zone of the outgoing interface?

  # firewall-cmd --get-zone-of-interface=<interface>
  # firewall-cmd --zone=<zone> --list-all
Comment 2 Anthony DeDominic 2018-05-03 19:44:39 EDT
firewall-cmd --get-zone-of-interface=wlp58s0
FedoraWorkstation

firewall-cmd --zone=FedoraWorkstation --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp58s0
  sources: 
  services: dhcpv6-client ssh samba-client mdns
  ports: 1025-65535/udp 1025-65535/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:
Comment 3 Pete Zaitcev 2018-06-15 17:07:04 EDT
See also bug 1575431, bug 1591867. They are likely duplicated.
Comment 4 Eric Garver 2018-08-10 10:50:37 EDT

*** This bug has been marked as a duplicate of bug 1575431 ***

Note You need to log in before you can comment on or make changes to this bug.