diff --git a/Samples6/three-interfaces/shorewall6.conf b/Samples6/three-interfaces/shorewall6.conf index 3d94652e9..71bfa5764 100644 --- a/Samples6/three-interfaces/shorewall6.conf +++ b/Samples6/three-interfaces/shorewall6.conf @@ -91,6 +91,8 @@ RCP_COMMAND='scp ${files} ${root}@${system}:${destination}' # F I R E W A L L O P T I O N S ############################################################################### +IP_FORWARDING=On + TC_ENABLED=No TC_EXPERT=No diff --git a/Samples6/two-interfaces/shorewall6.conf b/Samples6/two-interfaces/shorewall6.conf index 3d94652e9..71bfa5764 100644 --- a/Samples6/two-interfaces/shorewall6.conf +++ b/Samples6/two-interfaces/shorewall6.conf @@ -91,6 +91,8 @@ RCP_COMMAND='scp ${files} ${root}@${system}:${destination}' # F I R E W A L L O P T I O N S ############################################################################### +IP_FORWARDING=On + TC_ENABLED=No TC_EXPERT=No diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index af5f6289f..c0d340937 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -52,8 +52,8 @@ New Features in Shorewall 4.3 a) There is no NAT of any kind (most people see this as a giant step forward). When an ISP assigns you a public IPv6 address, you are actually assigned an IPv6 'prefix' which is like an IPv4 - subnet. A 96-bit prefix allows 4 billion individual hosts (the - size of the current IPv4 address space). + subnet. A 64-bit prefix allows 4 billion squared individual hosts + (the size of the current IPv4 address space squared). b) The default zone type is ipv6. diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm index 2a868e410..0094650da 100644 --- a/Shorewall-perl/Shorewall/Compiler.pm +++ b/Shorewall-perl/Shorewall/Compiler.pm @@ -546,10 +546,10 @@ EOF } } else { if ( $config{IP_FORWARDING} eq 'on' ) { - emit( 'echo 1 > /proc/sys/net/ipv6/config/all/forwarding', + emit( 'echo 1 > /proc/sys/net/ipv6/conf/all/forwarding', 'progress_message2 IP Forwarding Enabled' ); } elsif ( $config{IP_FORWARDING} eq 'off' ) { - emit( 'echo 0 > /proc/sys/net/ipv6/config/all/forwarding', + emit( 'echo 0 > /proc/sys/net/ipv6/conf/all/forwarding', 'progress_message2 IP Forwarding Disabled!' ); } diff --git a/Shorewall-perl/Shorewall/Proc.pm b/Shorewall-perl/Shorewall/Proc.pm index e36a12e60..a2a85cd02 100644 --- a/Shorewall-perl/Shorewall/Proc.pm +++ b/Shorewall-perl/Shorewall/Proc.pm @@ -211,10 +211,10 @@ sub setup_forwarding( $ ) { } } else { if ( $config{IP_FORWARDING} eq 'on' ) { - emit ' echo 1 > /proc/sys/net/ipv6/config/all/forwarding'; + emit ' echo 1 > /proc/sys/net/ipv6/conf/all/forwarding'; emit ' progress_message2 IP Forwarding Enabled'; } elsif ( $config{IP_FORWARDING} eq 'off' ) { - emit ' echo 0 > /proc/sys/net/ipv6/config/all/forwarding'; + emit ' echo 0 > /proc/sys/net/ipv6/conf/all/forwarding'; emit ' progress_message2 IP Forwarding Disabled!'; emit ''; } diff --git a/Shorewall-perl/prog.functions6 b/Shorewall-perl/prog.functions6 index 4fcfc11bd..1c041e04c 100644 --- a/Shorewall-perl/prog.functions6 +++ b/Shorewall-perl/prog.functions6 @@ -10,7 +10,7 @@ clear_firewall() { run_iptables -F - echo 1 > /proc/sys/net/ipv6/config/all/forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding run_clear_exit diff --git a/Shorewall6/shorewall6.conf b/Shorewall6/shorewall6.conf index c309f48a6..31fa024ea 100644 --- a/Shorewall6/shorewall6.conf +++ b/Shorewall6/shorewall6.conf @@ -91,6 +91,8 @@ RCP_COMMAND='scp ${files} ${root}@${system}:${destination}' # F I R E W A L L O P T I O N S ############################################################################### +IP_FORWARDING=Off + TC_ENABLED=No TC_EXPERT=No