    [connman] Ignore non-protocol IPv6 iptables rule -m switch. JB#44205 · b86ae5a1
    Jussi Laakkonen authored
    This sets to ignore all IPv6 rules with -m switch other than one of the
    supported protocols in firewall configs.
    
    The reason is that iptables matches as of now cannot be used for both
    IPv4 and IPv6. Reason for this is not clear. It may be that iptables is
    not built for it, or some implementation is missing from connman.
    
    In case of changing IP protocol in iptables.c when a same-named match is
    already loaded in iptables, the content of the previous IP protocol is
    given with the function callbacks that understand only the previous IP
    protocol. IP protocol family is set correctly but everything else is
    not.
    
    This should be reverted if iptables 1.8.1 brings any changes, or some
    new idea arises. This means that IPv6 INPUT policy can never be DROP.
firewall.c 71.5 KB