Bug#992132: firewalld: ipv6_rpfilter blocks wireguard traffic

Lego Thu, 12 Aug 2021 16:21:35 -0700

Package: firewalld
Version: 0.9.3-2
Severity: important
Tags: ipv6
X-Debbugs-Cc: legog...@protonmail.com


Dear Maintainer,

The current version of firewalld breaks outbound ipv6 networking for wireguard
tunnels. More specifically, rp_filter gets applied too early, resulting
in fwmarked packets getting dropped. Reported and fixed in upstream (as
of 1.0.0).

Upstream issue: https://github.com/firewalld/firewalld/issues/603
Patch: 
https://github.com/firewalld/firewalld/commit/f250c2c507d63419a2c263f3adb47cef93613a5f


-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firewalld depends on:
ii  dbus              1.12.20-2
ii  gir1.2-glib-2.0   1.66.1-1+b1
ii  gir1.2-nm-1.0     1.30.0-2
ii  iptables          1.8.7-1
ii  policykit-1       0.105-31
ii  python3           3.9.2-3
ii  python3-dbus      1.2.16-5
ii  python3-firewall  0.9.3-2
ii  python3-gi        3.38.0-2
ii  python3-nftables  0.9.8-3.1

Versions of packages firewalld recommends:
ii  ipset  7.10-1

firewalld suggests no packages.

-- no debconf information

Bug#992132: firewalld: ipv6_rpfilter blocks wireguard traffic

Reply via email to