# [solved] allow local ibv6 icmp

## toralf

When I start my user mode linux which gets a DHCP address from dnsmasq runniggn at my host I get entires in /var/log/messages like the following 

```
Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=tap0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0

Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=br0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0

Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=tap0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0001:ff85:214e LEN=64 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0

Jul 18 19:17:36 n22 kernel: MYFW6_OUT= IN= OUT=br0 SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0001:ff85:214e LEN=64 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0

```

I have already a basic ipv6 firewall script in place http://bpaste.net/show/115368/ Now I'm wondering what rule I do need to allow ICMP between my UML and my host (FWIW I do have a bridge br0 defined and 3 tap devices in /etc/conf.d/net).Last edited by toralf on Fri Jul 19, 2013 6:47 pm; edited 1 time in total

----------

## Hu

It looks like you already allowed IPv6 ICMP for some uses, but not for the particular addresses shown in the log.  Is there some reason you cannot add a similar rule to cover the addresses you quoted here?

----------

## toralf

 *Hu wrote:*   

> It looks like you already allowed IPv6 ICMP for some uses, but not for the particular addresses shown in the log.  Is there some reason you cannot add a similar rule to cover the addresses you quoted here?

 Right, I was just unsure if ff02::/64 is similar to what 192.168.0.0/255.255.0.0 is in ipv4  ?

----------

