Package: nftables
Version: 0.7-1
Severity: important
Tags: ipv6

Dear Maintainer,

   * What led up to the situation?

Tried to migrate my iptables/ip6tables based firewall to nftables.


   * What exactly did you do (or not do) that was effective (or
     ineffective)?

inet input and output chains have a
      ip6 nexthdr ipv6-icmp counter accept
expression in the ruleset.nft config file


   * What was the outcome of this action?

ICMPv6 output frames are rejected, ICMPv6 input frames are dropped.
This breaks neighborhood discovery, ping6 gets no reply (the response frames
are not passed in the router). This is not a router configuration problem,
because switching to the iptables/ip6tables setup makes IPv6 work again.


   * What outcome did you expect instead?

ICMPv6 frames should be accepted to make neighborhood discovery possible.


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nftables depends on:
ii  dpkg                 1.18.24
ii  init-system-helpers  1.48
ii  libc6                2.24-11
ii  libgmp10             2:6.1.2+dfsg-1
ii  libmnl0              1.0.4-2
ii  libnftnl4            1.0.7-1
ii  libreadline7         7.0-3
ii  libxtables12         1.6.0+snapshot20161117-6

nftables recommends no packages.

nftables suggests no packages.

-- no debconf information
