[bug] Default firewall rules block DHCP +fix available
Both DHCPv4 and DHCPv6 are blocked by the default firewall rules in Sailfish OS 3.2.1.20 (package connman-configs-sailfish), which breaks network configuration. Connecting to a stateful-IPv6 configured router won't work at all, and on a stateless+DHCP IPv6 configuration, the client won't get DNS configuration from the router. IPv4 breaks too (wrong IP address assigned to the interface, somehow).
The solution is to add these firewall input rules:
IPv4.INPUT.RULES = -p udp -m multiport --ports 67:68 -j ACCEPT
IPv6.INPUT.RULES = -p udp -m multiport --ports 546:547 -j ACCEPT
UPD: I couldn't find the git for the connman-configs-sailfish package. If someone knows where it is, please tell me.
UPD2: Never mind, connman-configs-sailfish is not open source.
Obviously “-p upd” is wrong ;)
Nieldk ( 2020-01-19 12:46:16 +0200 )
@Nieldk Why? I am pretty sure that both DHCPv4 and DHCPv6 use UDP ports, and everything is mostly working since I added these rules (connman doesn't get the /60 prefix though, only the /64 IA_NA, but it works if I use dhcpcd instead of connman).
0xe4524ffe ( 2020-01-19 16:28:04 +0200 )
It's just a typo: "udp" instead of "upd" - but I was also confused at first :-)
takimata ( 2020-01-19 17:12:49 +0200 )
@takimata oh my god, how haven't I noticed that
0xe4524ffe ( 2020-01-19 17:28:11 +0200 )
@asked Could you explain the right way to add these two rules? Terminal? I am a beginner :(
Ralf ( 2020-01-19 18:42:57 +0200 )
Thanks in advance.
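
An added example, not part of the original thread and not connman's own code: a small Python check that reads rule lines in the format shown in the post and reports whether the DHCPv4 (67-68) and DHCPv6 (546-547) UDP ports are accepted, which also catches the "upd" typo discussed in the comments. The sample input is constructed, the function names are hypothetical, and treating `;` as a separator between several rules on one line is an assumption.

```python
import re

# UDP ports opened by the two rules in the post, per address family.
DHCP_PORTS = {"IPv4": {67, 68}, "IPv6": {546, 547}}

def parse_ports(spec):
    """Expand an iptables port spec such as '67:68' or '546,547' into a set."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def rule_accepts(rule):
    """Return the UDP ports one INPUT rule accepts (empty set if none)."""
    tok = rule.split()
    opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    # A mistyped protocol ("upd") or a non-ACCEPT target opens nothing.
    if opts.get("-p") != "udp" or opts.get("-j") != "ACCEPT":
        return set()
    spec = opts.get("--ports") or opts.get("--dports") or opts.get("--dport")
    try:
        return parse_ports(spec) if spec else set()
    except ValueError:  # malformed port spec: treat as opening nothing
        return set()

def audit(config_text):
    """Map each family to True when all of its DHCP ports are accepted."""
    covered = {fam: set() for fam in DHCP_PORTS}
    for line in config_text.splitlines():
        m = re.match(r"\s*(IPv[46])\.INPUT\.RULES\s*=\s*(.*)", line)
        if not m:
            continue
        for rule in m.group(2).split(";"):  # assumption: ';' separates rules
            covered[m.group(1)] |= rule_accepts(rule)
    return {fam: need <= covered[fam] for fam, need in DHCP_PORTS.items()}

# Constructed sample input: the two rules from the post, and a copy with the typo.
FIXED = """\
IPv4.INPUT.RULES = -p udp -m multiport --ports 67:68 -j ACCEPT
IPv6.INPUT.RULES = -p udp -m multiport --ports 546:547 -j ACCEPT
"""
TYPO = FIXED.replace("-p udp", "-p upd", 1)  # only the IPv4 line is mistyped

if __name__ == "__main__":
    for name, text in (("fixed", FIXED), ("typo", TYPO), ("no rules", "")):
        print(name, audit(text))
```
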