From 69f9a1a33c1a7152cb7d4473b6e7580d147b3e8a Mon Sep 17 00:00:00 2001
From: Jiri Popelka
Date: Mon, 1 Dec 2014 12:46:00 +0100
Subject: [PATCH] add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036) In firewalld it's also allowed by default.
---
 iptables.spec | 5 ++++-
 sysconfig_ip6tables | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/iptables.spec b/iptables.spec
index 1448f1c..fde6de2 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -7,7 +7,7 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 Version: 1.4.21
-Release: 13%{?dist}
+Release: 14%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -221,6 +221,9 @@ done
 %changelog
+* Mon Dec 01 2014 Jiri Popelka - 1.4.21-14
+- add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036)
+
 * Mon Nov 03 2014 Jiri Popelka - 1.4.21-13
 - iptables.init: use /run/lock/subsys/ instead of /var/lock/subsys/ (RHBZ#1159573)
diff --git a/sysconfig_ip6tables b/sysconfig_ip6tables
index 1c1a825..34b8b87 100644
--- a/sysconfig_ip6tables
+++ b/sysconfig_ip6tables
@@ -9,6 +9,7 @@
 -A INPUT -p ipv6-icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
 -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
 COMMIT
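Review bot: The added rule in sysconfig_ip6tables accepts NEW UDP to port 546 from any source on any interface, and nothing in the file says why, so hosts with static IPv6 addressing also ship with the DHCPv6 client port open to every on-link sender. A comment line above it would record the intent, for example `# dhcpv6-client: server replies are unicast to our link-local address and are not matched as ESTABLISHED` (presumably the reason `--state NEW` is needed; the earlier rules of the ruleset are outside the hunk). If the deployment allows it, the match could also be narrowed to link-local senders, `-A INPUT -s fe80::/10 -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT`, which should be tested against the DHCPv6 servers and relays in use before becoming the default.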