[OpenWrt-Devel] PCP and Allow Port Forward for IPv6

Fernando Frediani fhfrediani at gmail.com
Wed Nov 21 14:25:27 EST 2018

Hello folks.

I wanted to ask something specific regarding PCP, IPv6 and incoming 
traffic to clients.

If I remember well, a long time ago when full IPv6 support was being 
added to OpenWrt there was a hot discussion if the default firewall 
rules for IPv6 should allow any incoming connections to LAN clients or 
if they should block and the exceptions should be made manually. 
Fortunately, in my view, the decision was to block by default and that's 
how it is know, if I don't miss anything.

But there are cases when incoming connections to LAN clients in IPv6 are 
necessary and most of the time they don't have admin access to the CPE.
Reading some RFCs like 6888 it talks about PCP (RFC 6887 - 
https://tools.ietf.org/html/rfc6887) which disciplines exactly this I am 
talking about on its abstract.
This is also mentioned in RFC 7368 Section 3.6.1 

Then looking at the miniupnpd package details 
(https://openwrt.org/packages/pkgdata/miniupnpd) it mentions it has a 
PCP daemon.

Question is: Is it fully implemented including support for IPv6 ? So if 
a modern Operating System makes a request to a CPE which runs this PCP 
Daemon it will be able to add the necessary iptables FORWARD rule to 
allow an incoming connection to that client which requires it ?



openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list