Add IPv6 support #10
Open
Add IPv6 support #10
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ArrayBolt3
reviewed
Nov 8, 2024
ArrayBolt3
reviewed
Nov 8, 2024
ArrayBolt3
reviewed
Nov 8, 2024
ArrayBolt3
reviewed
Nov 8, 2024
ArrayBolt3
reviewed
Nov 8, 2024
ArrayBolt3
reviewed
Mar 28, 2025
Comment on lines
+217
to
+218
| ## fd09:24ef:4179::a89/112 - persistent Qubes-Whonix-Gateway IP range | ||
| ## fd09:24ef:4179::a8a/112 - DispVM Qubes-Whonix-Gateway IP range |
There was a problem hiding this comment.
Suggested change
| ## fd09:24ef:4179::a89/112 - persistent Qubes-Whonix-Gateway IP range | |
| ## fd09:24ef:4179::a8a/112 - DispVM Qubes-Whonix-Gateway IP range | |
| ## fd09:24ef:4179::a89:/112 - persistent Qubes-Whonix-Gateway IP range | |
| ## fd09:24ef:4179::a8a:/112 - DispVM Qubes-Whonix-Gateway IP range |
| @@ -39,18 +39,21 @@ variables_defaults() { | |||
| ## Would fail if netvm is set to 'none', | |||
| ## which is the case in Qubes R4 TemplateVMs. | |||
| [ -n "${GATEWAY_IP:-}" ] || GATEWAY_IP="$(qubesdb-read /qubes-gateway 2> /dev/null)" || GATEWAY_IP="127.0.0.1" | |||
| [ -n "${GATEWAY_IP6:-}" ] || GATEWAY_IP6="::ffff:$(qubesdb-read /qubes-gateway6 2> /dev/null)" || GATEWAY_IP6="::1" | |||
There was a problem hiding this comment.
Maybe I misunderstood something, but I was under the impression that the /qubes-gateway6 qubesdb entry contained an IPv6 address. This looks like it's being used as an IPv4 address though.
Comment on lines
337
to
+343
| if [ -n "$SYSTEMCHECK_USER" ]; then | ||
| $nftables_cmd add rule inet filter output skuid "$SYSTEMCHECK_USER" inet daddr 127.0.0.1 counter accept | ||
| $nftables_cmd add rule inet filter output skuid "$SYSTEMCHECK_USER" ip daddr 127.0.0.1 counter accept | ||
| $nftables_cmd add rule inet filter output skuid "$SYSTEMCHECK_USER" ip6 daddr ::1 counter accept | ||
| $nftables_cmd add rule inet filter output skuid "$SYSTEMCHECK_USER" inet daddr "$GATEWAY_IP" counter accept | ||
| $nftables_cmd add rule inet filter output skuid "$SYSTEMCHECK_USER" inet daddr "$GATEWAY_IP6" counter accept | ||
| $nftables_cmd add rule inet filter output skuid "$SYSTEMCHECK_USER" inet daddr "$GATEWAY_IP_HARDCODED" counter accept | ||
| $nftables_cmd add rule inet filter output skuid "$SYSTEMCHECK_USER" inet daddr "$GATEWAY_IP6_HARDCODED" counter accept |
There was a problem hiding this comment.
How come the loopback address rule had the inet part split into ip and ip6, but the GATEWAY_IP(6) and GATEWAY_IP_HARDCODED(6) rules weren't?
This was referenced Jun 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds IPv6 support
Mandatory Checklist
Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint
Optional Checklist
The following items are optional but might be requested in certain cases.