Page MenuHomeVyOS Platform

Firewall ipv6 p2p option failed
Open, LowPublicBUG

Description

The p2p option is still available in ipv6.

in ipv4 it was diasbled some time ago:
https://github.com/vyos/vyatta-cfg-firewall/commit/8aeecd467038ad42e0dd425cda5fcf50cdc88069

in vyos 1.3.1:

set firewall ipv6-name TEST rule 1 action drop
set firewall ipv6-name TEST rule 1 p2p all
commit
[ firewall ipv6-name TEST ]
ip6tables v1.8.2 (nf_tables): Couldn't load match `ipp2p':No such file or directory

Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables error:  - -m comment --comment "TEST-1"     -m ipp2p --apple --bit --dc --edk --gnu --kazaa  -j DROP  at /opt/vyatta/sbin/vyatta-firewall.pl line 708.

[[firewall ipv6-name TEST]] failed

Details

Difficulty level
Easy (less than an hour)
Version
1.3.1
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

The same behavior for 1.2
It seems some old/depricated pkg ipp2p

vyos@r12# set firewall ipv6-name TEST rule 1 action drop
[edit]
vyos@r12# set firewall ipv6-name TEST rule 1 p2p all
[edit]
vyos@r12# commit
[ firewall ipv6-name TEST ]
ip6tables v1.4.21: Couldn't load match `ipp2p':No such file or directory

Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables error:  - -m comment --comment "TEST-1"     -m ipp2p --apple --bit --dc --edk --gnu --kazaa  -j DROP  at /opt/vyatta/sbin/vyatta-firewall.pl line 708.

[[firewall ipv6-name TEST]] failed
Commit failed
[edit]
vyos@r12# 
[edit]
vyos@r12# run show ver
Version:          VyOS 1.2.8
Release Train:    crux