I might have figured out a more proper / upstreamable solution to this: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1827#note_3161920
Will integrate and test tomorrow to see if it works as I expect.

--
https://bugs.launchpad.net/bugs/2128668

Title:
  Wi-Fi hotspot startup does not configure firewalls as needed for
  internet sharing

Status in network-manager package in Ubuntu:
  In Progress

Bug description:
  SRU Justification:

  [ Impact ]
  When a wi-fi hotspot is being broadcast, NetworkManager does not
  automatically configure all firewall rules as needed for clients to
  access the internet.

  [ Test Plan ]
  Start wi-fi hotspot on device running ufw that is connected to the
  internet

  [ Actual result ]
  Clients cannot connect to the internet via the hotspot. Only after
  adding custom firewall rules such as those described above can the
  client connect to the internet.

  [ Expected result ]
  Clients can connect to the internet via the hotspot

  [ Fix ]
  At minimum, the following is needed to enable this:
  1. Enable routing from wireless adapter to wired adapter (ex: sudo ufw route allow in on wlP9s9 out on enp1s0 (varies depending on adapter names))
  2. Set iptables forwarding rules correctly (ex: sudo iptables -P FORWARD ACCEPT)
  3. If the host is running its own DNS / DHCP servers, those will also have to be allowed by the firewall (Discussion ongoing upstream)

  [ Where problems could occur ]
  Specifics to be researched
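Added example, not part of the bug report or of NetworkManager: a coarse check for the [ Test Plan ] that reads `iptables -S` output on stdin and reports whether hotspot-to-uplink forwarding is allowed by a scoped rule (step 1), only by the chain policy (step 2), or not at all. The interface names are the ones from the report; the rule dumps are constructed samples, and the check assumes the rule sits in `FORWARD` or `ufw-user-forward` and does not evaluate rule order or other chains.

```shell
#!/bin/sh
# forward_status IN_IF OUT_IF  (reads `iptables -S` output on stdin)
# Prints: scoped  - an ACCEPT rule names exactly this interface pair
#         policy  - no such rule, but the FORWARD policy is ACCEPT (all interfaces)
#         blocked - neither
forward_status() {
    awk -v in_if="$1" -v out_if="$2" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && ($2 == "FORWARD" || $2 == "ufw-user-forward") {
            i = ""; o = ""; j = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "-o") o = $(n + 1)
                if ($n == "-j") j = $(n + 1)
            }
            if (i == in_if && o == out_if && j == "ACCEPT") scoped = 1
        }
        END {
            if (scoped) print "scoped"
            else if (policy == "ACCEPT") print "policy"
            else print "blocked"
        }'
}

# Constructed sample: ufw enabled, no route rule added yet.
sample_default() {
    printf '%s\n' '-P FORWARD DROP' '-A FORWARD -j ufw-user-forward'
}

# Constructed sample: after the step 1 `ufw route allow` rule.
sample_scoped() {
    sample_default
    printf '%s\n' '-A ufw-user-forward -i wlP9s9 -o enp1s0 -j ACCEPT'
}

# Constructed sample: after step 2 only (policy changed, no scoped rule).
sample_policy() {
    printf '%s\n' '-P FORWARD ACCEPT' '-A FORWARD -j ufw-user-forward'
}

for s in sample_default sample_scoped sample_policy; do
    printf '%-15s %s\n' "$s" "$($s | forward_status wlP9s9 enp1s0)"
done
```

On a live host the input would come from `sudo iptables -S` instead of the sample functions.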

