Enable loopback traffic under DISABLE_IPV6

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3172 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-08-03 20:36:50 +02:00 · 2005-12-17 01:55:02 +00:00
parent 5b3fef21a8
commit 0273709c6f
3 changed files with 16 additions and 3 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -4,6 +4,8 @@ Changes in 3.0.4

 2)  Add 'Limit' as a standard action.

+3)  Enabled loopback traffic under the DISABLE_IPV6 option.
+
 Changes in 3.0.3

 1) Implement "shorewall show macros"
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1896,9 +1896,13 @@ disable_ipv6() {
    if [ -n "$foo" ]; then
 	if qt mywhich ip6tables; then
 	    save_progress_message "Disabling IPV6..."
-	    ip6tables -P FORWARD DROP && save_command ip6tables -P FORWARD DROP
-	    ip6tables -P INPUT DROP   && save_command ip6tables -P INPUT DROP
-	    ip6tables -P OUTPUT DROP  && save_command ip6tables -P OUTPUT DROP
+	    ip6tables -P FORWARD DROP           && save_command ip6tables -P FORWARD DROP
+	    ip6tables -P INPUT DROP             && save_command ip6tables -P INPUT DROP
+	    ip6tables -P OUTPUT DROP            && save_command ip6tables -P OUTPUT DROP
+	    ip6tables -F                        && save_command ip6tables -F
+	    ip6tables -X                        && save_command ip6tables -X
+	    ip6tables -A OUTPUT -o lo -j ACCEPT && save_command ip6tables -A OUTPUT -o lo -j ACCEPT
+	    ip6tables -A INPUT -i lo -j ACCEPT  && save_command ip6tables -A INPUT -i lo -j
 	else
 	    error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
 	fi
@ -1914,6 +1918,10 @@ disable_ipv6_1() {
 	    ip6tables -P FORWARD DROP
 	    ip6tables -P INPUT DROP
 	    ip6tables -P OUTPUT DROP
+	    ip6tables -F
+	    ip6tables -X
+	    ip6tables -A OUTPUT -o lo -j ACCEPT
+	    ip6tables -A INPUT -i lo -j ACCEPT
 	else
 	    error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
 	fi
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -51,6 +51,9 @@ Problems Corrected in 3.0.4
 1)  The shorewall.conf file is once again "console friendly". Patch is
    courtesy of Tuomo Soini.

+2)  DISABLE_IPV6 no longer disabled local (loopback) IPV6 traffic. This
+    change is reported to improve Java startup time on some distributions.
+
 Migration Considerations for Users upgrading from Shorewall 2.x.

 1) The "monitor" command has been eliminated.