Eric Garver

181 comments by Eric Garver

> Is it possible to run the firewall Python module without root access?

Yes. It's possible to specify and customize the polkit authorization. In practice (default) config changes require root,...

The Steam support forums [1] say:

> The network transfer happens on TCP port 27040 and it needs to be allowed by local firewall software. You also need to open...

Hrm. I don't think this is unexpected. Loading `br_netfilter` is saying "send bridged frames to netfilter, and filter them like they're layer 3 (IP/IPv6) packets"... and that's exactly what is happening....

> There is no rp_filter sysctl for IPv6. It is the firewall rule utilizing rpfilter in ip6tables or fib in nft that is now responsible for the implementation.

Right.

> ...

> > > There is no rp_filter sysctl for IPv6. It is the firewall rule utilizing rpfilter in ip6tables or fib in nft that is now responsible for the implementation....

I just authored a blog post that I think is related to this topic. Maybe you'll find it useful. https://firewalld.org/2024/04/strictly-filtering-docker-containers

> I personally also think that this is a departure from the IPv4 behavior

It's a departure because the ipv4 rp_filter sysctl is implemented in the IP stack; not netfilter....

IMO, the only "user friendly" thing we can do here is have firewalld detect if `br_netfilter` is loaded and if `IPv6_filter=yes` then log an INFO/WARN. But that may trigger a...