[OpenWrt-Devel] PCP and Allow Port Forward for IPv6
Fernando Frediani
fhfrediani at gmail.com
Wed Nov 21 14:25:27 EST 2018
Hello folks.
I wanted to ask something specific regarding PCP, IPv6 and incoming
traffic to clients.
If I remember well, a long time ago when full IPv6 support was being
added to OpenWrt there was a hot discussion if the default firewall
rules for IPv6 should allow any incoming connections to LAN clients or
if they should block and the exceptions should be made manually.
Fortunately, in my view, the decision was to block by default and that's
how it is know, if I don't miss anything.
But there are cases when incoming connections to LAN clients in IPv6 are
necessary and most of the time they don't have admin access to the CPE.
Reading some RFCs like 6888 it talks about PCP (RFC 6887 -
https://tools.ietf.org/html/rfc6887) which disciplines exactly this I am
talking about on its abstract.
This is also mentioned in RFC 7368 Section 3.6.1
(https://tools.ietf.org/html/rfc7368#section-3.6.1)
Then looking at the miniupnpd package details
(https://openwrt.org/packages/pkgdata/miniupnpd) it mentions it has a
PCP daemon.
Question is: Is it fully implemented including support for IPv6 ? So if
a modern Operating System makes a request to a CPE which runs this PCP
Daemon it will be able to add the necessary iptables FORWARD rule to
allow an incoming connection to that client which requires it ?
Thanks
Regards
Fernando
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list