New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DHCPv6 improvements #21882
DHCPv6 improvements #21882
Conversation
@abbradar, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @wkennington and @fpletz to be potential reviewers. |
a851d61
to
2bcb6c7
Compare
9508a3a
to
9372f7c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not using the ISC dhcpd much these days and didn't test this myself but the code looks good and there is a test. And more support for IPv6 is always nice. Awesome! 👍
} | ||
]; | ||
description = '' | ||
A list mapping Ethernet addresses to IPv${postfix} addresses for the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indention. ;)
@fpletz Do you think it's okay to allow DHCPv6 client traffic in firewall unconditionally? I don't see any immediate security problems (it's also enabled in Red Hat by default it seems, not sure about others) but I'm a newcomer to IPv6... |
@abbradar I agree that this shouldn't be a security issue. The rule strict enough so only packets from hosts in the same broadcast domain will be accepted (link-local addresses). And the allowed destination port is reserved for |
Motivation for this change
dhcpd
running for DHCPv4 and DHCPv6 respectively, with separate configuration;Things done
(nix.useSandbox on NixOS,
or option
build-use-sandbox
innix.conf
on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/
)