This may (but also may not) be the same issue I just reported in #992132. If so it is fixed upstream.
On Thu, 13 Feb 2020 15:09:01 +0100 Andreas Dobloug <andreas.dobl...@usit.uio.no> wrote: > Package: firewalld > Version: 0.6.3-5 > Severity: normal > > Dear Maintainer, > > *** Reporter, please consider answering these questions, where appropriate *** > > firewalld blocks replies from a dhcpv6 server when using a dhcp-relay > > This is caused by the limitation in > /usr/lib/firewalld/services/dhcpv6-client.xml > > The DHCP reply will contain the from-address of the DHCP server, > which may not be on the local subnet when using a DHCP-relay. > > > -- System Information: > Debian Release: 10.3 > APT prefers stable-updates > APT policy: (600, 'stable-updates'), (600, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores) > Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), > LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages firewalld depends on: > ii dbus 1.12.16-1 > ii gir1.2-glib-2.0 1.58.3-2 > ii init-system-helpers 1.56+nmu1 > ii iptables 1.8.2-4 > ii policykit-1 0.105-25 > ii python3 3.7.3-1 > ii python3-dbus 1.2.8-3 > ii python3-gi 3.30.4-1 > ii python3-slip-dbus 0.6.5-2 > > Versions of packages firewalld recommends: > ii ipset 6.38-1.2 > > firewalld suggests no packages. > > -- Configuration Files: > /etc/firewalld/firewalld.conf [Errno 13] Permission denied: > '/etc/firewalld/firewalld.conf' > /etc/firewalld/lockdown-whitelist.xml [Errno 13] Permission denied: > '/etc/firewalld/lockdown-whitelist.xml' > > -- no debconf information > >
