Bug 1574297 - firewalld (or firewall in general?) causing issues with IPv6
Summary: firewalld (or firewall in general?) causing issues with IPv6
Status: CLOSED DUPLICATE of bug 1575431
Alias: None
Product: Fedora
Classification: Fedora
Component: firewalld
Version: 28
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Eric Garver
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2018-05-03 03:07 UTC by Anthony DeDominic
Modified: 2018-08-10 14:50 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-08-10 14:50:37 UTC
Type: Bug

Attachments (Terms of Use)

Description Anthony DeDominic 2018-05-03 03:07:05 UTC
Description of problem:

After upgrading from fedora 27, I've been having intermittent issue with ipv6 traffic; pinging the gateway somehow made the connection work, however shortly after stopping, I would start getting 100% packet loss pinging an external ipv6 machine.

After reading: https://serverfault.com/questions/477471/ipv6-only-works-after-pinging-the-default-gateway?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa seemed to suggest it might be a firewall and icmp6 related issue.
I simply turned firewalld off and ipv6 traffic started working as expected.

Version-Release number of selected component (if applicable):

firewalld version: 0.5.2

How reproducible:

attempt to ping, connect or use an ipv6 host outside of the local network and wait for packet loss to occur.

Steps to Reproduce:
1. have ipv6 capable network
2. ping ipv6 host outside of local network; packet loss might take up to a minute or so to surface.

Actual results:

100% packet loss shortly after stopping pinging the gateway.

Expected results:

little to no packet loss that does not depend on constantly pinging the default gateway.

Additional info:

I'm assuming there is a configurable way to fix this but I'm not that familiar with firewalld.

Comment 1 Eric Garver 2018-05-03 12:23:41 UTC
Can you post your firewalld configuration for zone of the outgoing interface?

  # firewall-cmd --get-zone-of-interface=<interface>
  # firewall-cmd --zone=<zone> --list-all

Comment 2 Anthony DeDominic 2018-05-03 23:44:39 UTC
firewall-cmd --get-zone-of-interface=wlp58s0

firewall-cmd --zone=FedoraWorkstation --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp58s0
  services: dhcpv6-client ssh samba-client mdns
  ports: 1025-65535/udp 1025-65535/tcp
  masquerade: no
  rich rules:

Comment 3 Pete Zaitcev 2018-06-15 21:07:04 UTC
See also bug 1575431, bug 1591867. They are likely duplicated.

Comment 4 Eric Garver 2018-08-10 14:50:37 UTC

*** This bug has been marked as a duplicate of bug 1575431 ***

Note You need to log in before you can comment on or make changes to this bug.