** Description changed: + [Impact] + + ping6 replies to multicast addresses are mistakenly blocked. ufw used to + have correct ordering for these replies, but 0.34 reorganized the icmp + rules and reintroduced LP: #720605 (this bug). multicast ping replies + are part of the ok icmp codes for INPUT (rfc4890, 4.4.1 and 4.4.2) but + don't have an associated connection and are marked INVALID, so move this + rule above the INVALID rules. + + [Test Case] + + On an IPv6 enabled system, perform a multicast ping like so: + + $ sudo ufw enable + $ sudo ping6 ff02::1%wlp58s0 # where 'wlp58s0' is your network iface + PING ff02::1%wlp58s0(ff02::1%wlp58s0) 56 data bytes + 64 bytes from ...addr1...: icmp_seq=1 ttl=64 time=0.081 ms + 64 bytes from ...addr2...: icmp_seq=2 ttl=64 time=0.155 ms + ^C + $ + + Without this fix, only see responses from the ff80 address of the + specified interface (ie, the 'wlp58s0' interface in the above example). + With the fix, there should be a response from other IPv6 enabled hosts + on the network. + + [Regression Potential] + + The regression potential is extremely low since we are simply moving a + single rule above another rule. The worst that could happen is that the + ping6 would continue to not work. + + + = Original description = + Hi, I have the default settings from Linux Mint 18 for ufw. When I "ping6 ff02::1%wlp3s0", I get only an answer from my own ip. Duplicates from other devices on the net get filtered. It works fine after "sudo ufw disable". ufw --version ufw 0.35 Copyright 2008-2015 Canonical Ltd. I've attached the output of ip6tables-save. There is a similar old and long fixed bug: https://bugs.launchpad.net/ufw/+bug/720605
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1664133 Title: ipv6 multicast pings don't return To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1664133/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
