Router solicitation blocked, makes network-manager complain
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ufw (Ubuntu) | Fix Released | High | Unassigned | |
Bug Description
In Vivid, my syslog is full of complaints by network-manager about blocked Router solicitation.
In my log, I get things like this:
...
Mar 20 12:47:04 franck-
Mar 20 12:47:04 franck-
Mar 20 12:47:05 franck-
Mar 20 12:47:08 franck-
Mar 20 12:47:09 franck-
Mar 20 12:47:12 franck-
Mar 20 12:47:13 franck-
Mar 20 12:47:16 franck-
Mar 20 12:47:17 franck-
Mar 20 12:47:20 franck-
Mar 20 12:47:21 franck-
Mar 20 12:47:24 franck-
Mar 20 12:47:24 franck-
Mar 20 12:47:25 franck-
Mar 20 12:47:28 franck-
...
and so on.
I have read through http://
Here is the output of ip6tables --list :
Chain INPUT (policy DROP)
target prot opt source destination
ufw6-before-
ufw6-before-input all anywhere anywhere
ufw6-after-input all anywhere anywhere
ufw6-after-
ufw6-reject-input all anywhere anywhere
ufw6-track-input all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ufw6-before-
ufw6-before-forward all anywhere anywhere
ufw6-after-forward all anywhere anywhere
ufw6-after-
ufw6-reject-forward all anywhere anywhere
ufw6-track-forward all anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ufw6-before-
ufw6-before-output all anywhere anywhere
ufw6-after-output all anywhere anywhere
ufw6-after-
ufw6-reject-output all anywhere anywhere
ufw6-track-output all anywhere anywhere
Chain ufw6-after-forward (1 references)
target prot opt source destination
Chain ufw6-after-input (1 references)
target prot opt source destination
ufw6-skip-
ufw6-skip-
ufw6-skip-
ufw6-skip-
ufw6-skip-
ufw6-skip-
Chain ufw6-after-
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-after-
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-after-
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-after-output (1 references)
target prot opt source destination
Chain ufw6-before-forward (1 references)
target prot opt source destination
DROP all anywhere anywhere rt type:0 segsleft:0
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp parameter-problem
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request
ufw6-user-forward all anywhere anywhere
Chain ufw6-before-input (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
DROP all anywhere anywhere rt type:0 segsleft:0
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmp echo-reply
ufw6-logging-deny all anywhere anywhere ctstate INVALID
DROP all anywhere anywhere ctstate INVALID
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp parameter-problem
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request
ACCEPT udp fe80::/10 fe80::/10 udp spt:dhcpv6-server dpt:dhcpv6-client
ACCEPT udp anywhere ff02::fb udp dpt:mdns
ACCEPT udp anywhere ff02::f udp dpt:1900
ufw6-user-input all anywhere anywhere
Chain ufw6-before-
target prot opt source destination
Chain ufw6-before-
target prot opt source destination
Chain ufw6-before-
target prot opt source destination
Chain ufw6-before-output (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
DROP all anywhere anywhere rt type:0 segsleft:0
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ufw6-user-output all anywhere anywhere
Chain ufw6-logging-allow (0 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw6-logging-deny (1 references)
target prot opt source destination
RETURN all anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-reject-forward (1 references)
target prot opt source destination
Chain ufw6-reject-input (1 references)
target prot opt source destination
Chain ufw6-reject-output (1 references)
target prot opt source destination
Chain ufw6-skip-
target prot opt source destination
DROP all anywhere anywhere
Chain ufw6-skip-
target prot opt source destination
DROP all anywhere anywhere
Chain ufw6-skip-
target prot opt source destination
DROP all anywhere anywhere
Chain ufw6-track-forward (1 references)
target prot opt source destination
Chain ufw6-track-input (1 references)
target prot opt source destination
Chain ufw6-track-output (1 references)
target prot opt source destination
Chain ufw6-user-forward (1 references)
target prot opt source destination
Chain ufw6-user-input (1 references)
target prot opt source destination
ACCEPT udp anywhere anywhere multiport dports 6881:6882
ACCEPT tcp anywhere anywhere multiport dports 6881:6882
Chain ufw6-user-limit (0 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all anywhere anywhere reject-with icmp6-port-
Chain ufw6-user-
target prot opt source destination
ACCEPT all anywhere anywhere
Chain ufw6-user-
target prot opt source destination
Chain ufw6-user-
target prot opt source destination
Chain ufw6-user-
target prot opt source destination
Chain ufw6-user-output (1 references)
target prot opt source destination
ACCEPT tcp anywhere anywhere tcp dpt:ipp
ACCEPT udp anywhere anywhere udp dpt:ipp
ACCEPT tcp anywhere anywhere tcp dpt:domain
ACCEPT udp anywhere anywhere udp dpt:domain
ACCEPT udp anywhere anywhere udp dpt:bootps
ACCEPT tcp anywhere anywhere tcp dpt:https
ACCEPT tcp anywhere anywhere tcp dpt:http
ACCEPT tcp anywhere anywhere tcp dpt:imap2
ACCEPT tcp anywhere anywhere tcp dpt:ssh
ACCEPT tcp anywhere anywhere tcp dpt:postgresql
ACCEPT tcp anywhere anywhere tcp dpt:http-alt
ACCEPT udp anywhere anywhere multiport dports netbios-
ACCEPT tcp anywhere anywhere multiport dports netbios-
ACCEPT tcp anywhere anywhere tcp dpt:l2f
ACCEPT tcp anywhere anywhere tcp dpt:imaps
ACCEPT tcp anywhere anywhere tcp dpt:git
ACCEPT tcp anywhere anywhere tcp dpt:whois
ACCEPT udp anywhere anywhere udp dpt:43
ACCEPT tcp anywhere anywhere tcp dpt:ircd
ACCEPT tcp anywhere anywhere tcp dpt:3389
ACCEPT udp anywhere anywhere multiport dports 6881:6882
ACCEPT tcp anywhere anywhere multiport dports 6881:6882
Maybe /etc/ufw/
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: ufw 0.34~rc-0ubuntu5
ProcVersionSign
Uname: Linux 3.19.0-9-generic x86_64
ApportVersion: 2.16.2-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Mar 20 12:43:56 2015
InstallationDate: Installed on 2014-12-13 (96 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
PackageArchitec
SourcePackage: ufw
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile.
Changed in ufw (Ubuntu):
importance: Undecided → High
Changed in ufw (Ubuntu):
status: Confirmed → In Progress
Adding allow router-solicitation and router-advertisement in before6-output seems to solve the problem.
It also seems pretty legit as of 4.3.3, 4.4.1 and A7 of http://www.ietf.org/rfc/rfc4890.txt
That said, I'm not a networking security expert, this needs reviewing :-)
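
Added example (not part of the bug report or of ufw's own code): a Python check that reads `ip6tables --list` output and reports which Neighbor Discovery types a chain has no explicit ACCEPT rule for, which is the gap the comment above describes in the output path. The sample listing is constructed, and the names `accepted_icmpv6` and `missing_ndp` are hypothetical.

```python
import re

# Neighbor Discovery types a host needs for IPv6 autoconfiguration
# (names as ip6tables prints them).
NDP_TYPES = ("neighbour-solicitation", "neighbour-advertisement",
             "router-solicitation", "router-advertisement")

# Constructed sample in `ip6tables --list` layout, not the reporter's output.
SAMPLE = """\
Chain ufw6-before-input (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement HL match HL == 255
Chain ufw6-before-output (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement HL match HL == 255
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
"""

CHAIN_RE = re.compile(r"^Chain (\S+)")
# An ACCEPT rule for protocol ipv6-icmp that names a specific ICMPv6 type.
# "ACCEPT all" rules are ignored: plain --list hides interface matches, so
# such a rule may apply to loopback only and cannot be counted as coverage.
RULE_RE = re.compile(r"^ACCEPT\s+(?:ipv6-icmp|icmpv6)\s+.*?\bipv6-icmp\s+(\S+)")

def accepted_icmpv6(listing):
    """Return {chain name: set of ICMPv6 type names that have an ACCEPT rule}."""
    chains, current = {}, None
    for line in listing.splitlines():
        line = line.strip()
        chain = CHAIN_RE.match(line)
        if chain:
            current = chains.setdefault(chain.group(1), set())
            continue
        rule = RULE_RE.match(line)
        if rule and current is not None:
            current.add(rule.group(1))
    return chains

def missing_ndp(listing, chain):
    """List the NDP types that `chain` has no explicit ACCEPT rule for."""
    accepted = accepted_icmpv6(listing).get(chain, set())
    return [t for t in NDP_TYPES if t not in accepted]
```

With an OUTPUT policy of DROP, as in the listing in this report, any type returned for the output chain is a message the host cannot send.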